Upload
trinhdat
View
222
Download
3
Embed Size (px)
Citation preview
ITC Compliance Network Member Policies & Procedures Manual v1.3
1
i
The ITC Compliance Network
The Concept From 14th January 2005, any business engaging in General Insurance activity must be
regulated by the Financial Conduct Authority (FCA), formerly the Financial Services
Authority (FSA).
General Insurance activity is not limited to sales and includes other areas such as
administration and claims handling. There may be a number of employees within your
business that will be subject to the FCA rules and regulations.
The ITC Compliance Network provides an alternative to full FCA authorisation, where a fully
authorised Firm (ITC Compliance) takes responsibility for the regulated activities of Network
Members.
The sole purpose of the Network is to ensure that your customer’s needs are at the
forefront of everything you do, providing them with information that is clear, fair and not
misleading. To ensure this ITC Compliance provide you with all of the administration tools,
training resources; professional indemnity insurance (excluding travel companies) and
processes you need to enable you to sell General Insurance products in line with the FCA’s
Treating Customers Fairly (TCF) outcomes.
ITC Compliance also takes away the burden of being directly authorised by the FCA.
In line with clause 3.1.iii of the Terms and Conditions of ITC Compliance Network
Membership, ITC Compliance have provided this manual, which contains all the relevant
policies needed in order to maintain compliance with current FCA regulations and TCF
outcomes.
ITC Compliance Network Member Policies & Procedures Manual v1.3
2
Table of Contents
The ITC Compliance Network ............................................................................. 1 Table of Contents ............................................................................................... 2 ITC Compliance Network Charter ....................................................................... 5 Treating Customers Fairly (TCF) Policy .............................................................. 7 Introduction............................................................................................................................................... 8 Purpose .................................................................................................................................................... 8 Responsibilities ........................................................................................................................................ 8 Application ................................................................................................................................................ 8 Monitoring & Reporting .......................................................................................................................... 11 Management Information ....................................................................................................................... 11 FCA Principles for Business Policy .................................................................... 12 Introduction............................................................................................................................................. 13 Purpose .................................................................................................................................................. 13 Responsibilities ...................................................................................................................................... 13 Application .............................................................................................................................................. 13 Monitoring & Reporting .......................................................................................................................... 16 Management Information ....................................................................................................................... 16 Sales Practices Policy ....................................................................................... 17 Introduction............................................................................................................................................. 18 Purpose .................................................................................................................................................. 18 Responsibilities ...................................................................................................................................... 18 Application .............................................................................................................................................. 18 Reporting and Monitoring ....................................................................................................................... 25 Remuneration Policy ........................................................................................ 26 Introduction............................................................................................................................................. 27 Purpose .................................................................................................................................................. 27 Responsibilities ...................................................................................................................................... 27 Application .............................................................................................................................................. 27 Monitoring & Reporting .......................................................................................................................... 28 Management Information ....................................................................................................................... 28
Recruitment Policy ........................................................................................... 29 Introduction............................................................................................................................................. 30 Purpose .................................................................................................................................................. 30 Responsibilities ...................................................................................................................................... 31 Application .............................................................................................................................................. 31 Monitoring & Reporting .......................................................................................................................... 32 Management Information ....................................................................................................................... 32
Complaint Handling Policy ................................................................................ 33 Introduction............................................................................................................................................. 34 Purpose .................................................................................................................................................. 34 Responsibilities ...................................................................................................................................... 34 Application .............................................................................................................................................. 34 Monitoring & Reporting .......................................................................................................................... 37 Management Information ....................................................................................................................... 38 Financial Promotions & Marketing Policy ......................................................... 39 Introduction............................................................................................................................................. 40 Purpose .................................................................................................................................................. 40 Responsibilities ...................................................................................................................................... 40 Application .............................................................................................................................................. 40 Monitoring & Reporting .......................................................................................................................... 42 Management Information ....................................................................................................................... 43 Business Assurance Policy ............................................................................... 44
ITC Compliance Network Member Policies & Procedures Manual v1.3
3
Introduction............................................................................................................................................. 45 Purpose .................................................................................................................................................. 45 Responsibilities ...................................................................................................................................... 45 Application .............................................................................................................................................. 45 Monitoring & Reporting .......................................................................................................................... 47 Management Information ....................................................................................................................... 48 Training & Competence Policy .......................................................................... 49 Introduction............................................................................................................................................. 50 Purpose .................................................................................................................................................. 50 Responsibilities ...................................................................................................................................... 50 Application .............................................................................................................................................. 50 Monitoring & Reporting .......................................................................................................................... 51 Management Information ....................................................................................................................... 52 Financial Crime Policy ...................................................................................... 53 Introduction............................................................................................................................................. 54 Purpose .................................................................................................................................................. 54 Responsibilities ...................................................................................................................................... 54 Application .............................................................................................................................................. 54 Monitoring & Reporting .......................................................................................................................... 57 Management Information ....................................................................................................................... 57 Conflicts of Interest Policy ............................................................................... 59 Introduction............................................................................................................................................. 60 Purpose .................................................................................................................................................. 60 Responsibilities ...................................................................................................................................... 60 Application .............................................................................................................................................. 60 Monitoring & Reporting .......................................................................................................................... 63 Management Information ....................................................................................................................... 63 Gifts & Hospitality Policy .................................................................................. 64 Introduction............................................................................................................................................. 65 Purpose .................................................................................................................................................. 65 Responsibilities ...................................................................................................................................... 65 Application .............................................................................................................................................. 65 Monitoring & Reporting .......................................................................................................................... 67 Management Information ....................................................................................................................... 67 Risk Management Policy ................................................................................... 68 Introduction............................................................................................................................................. 69 Purpose .................................................................................................................................................. 69 Responsibilities ...................................................................................................................................... 69 Application .............................................................................................................................................. 69 Business Continuity Plan Policy (BCP) .............................................................. 71 Introduction............................................................................................................................................. 72 Purpose .................................................................................................................................................. 72 Application .............................................................................................................................................. 72 Approved Persons Policy .................................................................................. 73 Introduction............................................................................................................................................. 74 Purpose .................................................................................................................................................. 74 Responsibilities ...................................................................................................................................... 74 Application .............................................................................................................................................. 74 Monitoring & Reporting .......................................................................................................................... 77 Management Information ....................................................................................................................... 78 Regulatory Breaches & Incidents Policy ........................................................... 79 Introduction............................................................................................................................................. 80 Purpose .................................................................................................................................................. 80 Responsibilities ...................................................................................................................................... 80 Application .............................................................................................................................................. 80 Monitoring & Reporting .......................................................................................................................... 82 Management Information ....................................................................................................................... 82 Whistleblowing Policy ...................................................................................... 83
ITC Compliance Network Member Policies & Procedures Manual v1.3
4
Introduction............................................................................................................................................. 84 Purpose .................................................................................................................................................. 84 Responsibilities ...................................................................................................................................... 84 Application .............................................................................................................................................. 84 Monitoring & Reporting .......................................................................................................................... 85 Management Information ....................................................................................................................... 85 Record Keeping Policy ...................................................................................... 86 Introduction............................................................................................................................................. 87 Purpose .................................................................................................................................................. 87 Responsibilities ...................................................................................................................................... 87 Application .............................................................................................................................................. 87 Monitoring & Reporting .......................................................................................................................... 90 Management Information ....................................................................................................................... 90 Appendix 1: Financial Promotions Checklist ..................................................... 91 Appendix 2: Example Balanced Scorecard ........................................................ 92 Appendix 3: Complaint Reporting Form ............................................................ 93 Appendix 4: Example Financial Promotions Register ........................................ 94 Appendix 5: Example Call Monitoring Check-Sheet ....................................... 95 Appendix 6: Potential Conflict of Interest Form ............................................... 98 Appendix 7: Conflict of Interest Self Assessment Form .................................... 99 Appendix 8: Gifts & Hospitality Approval Form ............................................... 102 Appendix 9: Example Gifts and Hospitality Register ....................................... 103 Appendix 10: Impact Score Scale ................................................................... 104 Appendix 11: Likelihood Score Scale .............................................................. 106 Appendix 12: Exposure / Control Score Scale ................................................ 107 Appendix 13: Example Risk Register .............................................................. 110 Appendix 14: Example Business Continuity Plan ............................................ 111 Appendix 15: Example Telephone Cascade List .............................................. 120 Appendix 16: Business Continuity Plan Test Scenarios ................................... 120 Appendix 17: Form D ...................................................................................... 122 Appendix 18: Incident Report Form ............................................................... 136 Appendix 19: Regulatory Breaches ................................................................. 137
ITC Compliance Network Member Policies & Procedures Manual v1.3
5
ITC Compliance Network Charter In allowing Network Members to operate under ITC Compliance’s authorised regulatory
status, ITC Compliance is obliged to provide you with tools, processes and procedures to
enable you to trade in line with FCA rules, regulations and principles.
The following Charter outlines the main commitments that ITC Compliance and you, the
Network Member, agree to undertake.
Network
ITC Compliance commit to:
1. Supplying Network Members with Appointed Representative (AR), Introducer Appointed
Representative (IAR), or Connected Contract Exemption (CCE) status to allow you to engage in General Insurance activity
2. Providing and updating as necessary the ITC Compliance Network Policies and Procedures Manual
3. Providing an on-line Training and Competence solution for all relevant staff Members
4. Providing and hosting an ITC Compliance portal for regular returns from appropriate Network Members
5. Giving 28 days’ notice of any changes that will affect Network Members (where possible)
6. Undertaking an audit of each site at least once a year
7. Providing a compliant sales process and systems to support this commitment
8. Complaints handling on your behalf
9. Provision of PI insurance (where applicable)
10. Provide Financial Promotions guidance and approval
11. Undertake Call monitoring (where applicable), providing feedback in a timely manner.
12. Undertake Mystery Shopping (where appropriate) to ensure continued compliance of
Network Members.
13. Undertake desk based audits, ensuring Network Members continued compliance with the
FCA Regulations and TCF Outcomes.
14. Undertake Website reviews, providing guidance and approval
15. Providing clear and concise feedback in a timely manner following a review that requires
further action from the Network Member.
16. Undertake Terms of Business Agreement (TOBA) reviews to ensure adequate risk transfer is
in place with regard to Client Money.
ITC Compliance Network Member Policies & Procedures Manual v1.3
6
ITC Compliance Network Members commit to:
1. Treating Customers Fairly (TCF) in line with FCA and ITC Compliance requirements
2. Following the policies and procedures outlined within this manual in good faith
3. Where applicable, submitting the required periodic return in a timely and accurate manner
4. Notifying ITC Compliance of any changes to staff members that engage in regulated
activity
5. Notifying ITC Compliance of any changes in Approved Person status 6. Notifying ITC Compliance of all insurance related customer complaints received, as soon as
they are received.
7. Providing assistance and support at any audit
8. Nominating one individual to act as the Supervisor/Assessor of individual regulated staff
9. Informing ITC Compliance of any Conflicts of Interest that may have a negative impact
upon the Network Member’s ability to undertake the regulated activity compliantly or
affecting ITC Compliance’s supervision of the Network Member.
10. Inform ITC Compliance of any incidents that may impact upon the Network Member’s
customers, their ability to undertake the regulated activity or ITC Compliance’s everyday
activities or reputation, as per the Regulatory Breaches and Incidents policy.
ITC Compliance Network Member Policies & Procedures Manual v1.3
7
Treating Customers Fairly (TCF) Policy
ITC Compliance Network Member Policies & Procedures Manual v1.3
8
Introduction Treating Customers Fairly (TCF) is central to the corporate culture of ITC Compliance and
therefore as a Network Member, you should also be able to demonstrate this.
This ethos is underpinned by the FCA requirement to demonstrate the following TCF
outcomes.
1. Consumers can be confident that they are dealing with firms where the fair treatment of
customers is central to the corporate culture.
2. Products and services marketed and sold in the retail market are designed to meet the
needs of identified consumer groups and are targeted accordingly.
3. Consumers are provided with clear information and are kept appropriately informed
before, during and after the point of sale.
4. Where consumers receive advice, the advice is suitable and takes account of their
circumstances.
5. Consumers are provided with products that perform as firms have led them to expect,
and the associated service is of an acceptable standard.
6. Consumers do not face unreasonable post-sale barriers imposed by firms to change
product, switch provider, submit a claim or make a complaint
Purpose
To ensure compliance with these outcomes, ITC Compliance have appropriate procedures
which will encourage your staff to uphold the principle of TCF and the associated outcomes.
This policy sets out guidance to aid understanding of the requirements to comply with the
Treating Customers Fairly outcomes.
Responsibilities
The Approved Person should ensure they are able to evidence a culture of TCF across all
staff and management levels
Application
The requirements for each key area are as follows:
Product Development
As part of the development of new and or enhanced products or service propositions prior to
launch, the product provider will undertake the following:
ITC Compliance Network Member Policies & Procedures Manual v1.3
9
adequate research must have been conducted to identify the target market for which
they are being developed (TCF 2)
the needs of clients within the target market have been satisfied by the product or
service proposition (TCF 5)
risks to clients must be identified and considered throughout the development process
(TCF 1)
development will not compromise the ability to comply with regulatory requirements
(including TCF)
product and service propositions must be robustly tested via marketing and financial
modelling frameworks to ensure they are marketable, viable, profitable and serviceable
(TCF 1)
the complexity/simplicity of products or service propositions have been properly aligned
with the competence and capability profiles of the clients at which they are aimed (TCF
2)
product and service propositions must be clear in their pricing and charging structures
so that clients can make clearly informed decisions (TCF 3)
lessons learned from client feedback will be captured and fed into development
processes (TCF 1)
If for any reason, you feel that the products you offer fail to meet any of the above
points, you should inform ITC Compliance immediately.
Marketing (Financial Promotions)
All marketing materials need to be “clear, fair and not misleading” and must comply with
the FCA Rules on Financial Promotions, where applicable. (TCF 3)
Promotion strategies and materials must be reviewed to ensure consistency with TCF
requirements and compliance with FCA Rules.
All marketing (financial promotions) must be designed to ensure that the promotion of
brand, products and services, following the Financial Promotions checklist (Appendix 1)
adhere to the following:
Marketing must be clear, fair and not misleading, and must be approved by ITC
Compliance prior to use.
Marketing must ensure that clients are placed in an informed position to make well
informed purchasing decisions
Content should be balanced and must not promote benefits through the omission of
risks
Content must make clear how the product or service proposition meets the needs of the
intended markets
Marketing must be monitored for effectiveness in both commercial terms and reaction
from clients
Lessons learned from client feedback should be captured and the information used for
improvement and development of material.
ITC Compliance Network Member Policies & Procedures Manual v1.3
10
Sales and Advice Process
As a Network Member you may conduct transactions through a number of distribution
channels including face to face, the telephone, web-based, directly with clients, on both an
advised and non-advised basis.
An Advised Sale (you give advice) is where you give advice to a potential customer on the
merits of them buying a specific general insurance product, explaining how this meets their
demands and needs and recommending its purchase. This will be specific and individual
advice to the customer and should not be generic. This is in addition to all of the relevant
documentation, including the Status Disclosure Document, Policy Summary and full policy
terms and conditions
A Non-Advised Sale (you don’t give advice) is where you provide information only to a
potential customer leaving them to make a choice about how they wish to proceed and with
no recommendation made.
In this situation it is imperative that the customer is supplied with all of the relevant
documentation, including the Status Disclosure Document, Policy Summary and full policy
terms and conditions to enable the customer to make an informed buying decision.
The following TCF Sales and Advice requirements apply to all:
All sales and advice processes must be reviewed against the Financial Promotions
Checklist (Apendix 1) and authorised by ITC Compliance before they are implemented.
All sales and advice processes must be applied in a consistent and competent manner
that complies with regulatory requirements such as being clear, fair and not misleading,
informing customers of your regulatory status and providing the customer with enough
information for them to make an informed buying decision.
All sales documentation (paper and electronic) must satisfy appropriate creation and
retention standards.
Management information must enable the effective oversight of sales and advice to
clients to ensure compliance with regulatory requirements. For example records of the
number of complaints received, number of customer cancellations, and number of
policies sold etc.
Staff remuneration policies must not conflict with the overarching need to act in the
interests of customers.
Lessons learned from client feedback should be used for improvement and
developments of sales and advice processes.
To ensure compliance with this ITC Compliance provide a number of platforms on which to
conduct sales, and through the online training tool, ITC Compliance ensure that your staff
are able to undertake the specific regulated activity competently.
After Sales Support
This includes documentation of transactions, advice and evidence of cover, midterm
adjustments and cancellations, renewals and access to products, services and information
required by clients.
ITC Compliance Network Member Policies & Procedures Manual v1.3
11
As a Network Member, you should ensure after sales support delivers the required TCF
outcomes, by:
ensuring clients are kept up to date with details of the business relationship with them
ensuring that relationships with clients is underpinned with appropriate communications
and contact to provide clients with access to relevant products, services and information
ensuring that communications and contact with clients are appropriately targeted and
are clear, fair and not misleading
ensuring that clients are provided with the levels of service both promised to the clients
and required by them as their needs dictate
Claims and Complaints Handling
It is extremely important that all complaints about the sale of a regulated insurance product
are directed to ITC Compliance to investigate fully on your behalf. For more information,
please refer to the complaints handling policy further on in this manual.
When dealing with claims, whether acting for the policyholder or the insurer:
Make it clear for who you are acting for with reference to the Conflicts of Interests Policy
Ensure all communications are clear, fair and not misleading
Deliver standards of service consistent with the importance of claims to customers
Ensure that staff are appropriately trained to equip them with the necessary skills to
deal with claims and complaints effectively
Ensure regulatory requirements are observed at all times
Gather appropriate management information to ensure lessons learned from feedback
are fed into this and other processes
Monitoring & Reporting
ITC Compliance and the Network Members are responsible for maintaining compliance with
the FCA Treating Customer Fairly outcomes. To ensure this happens ITC Compliance has
robust procedures in place for the monitoring and the sign off of Financial Promotions, the
monitoring of Network Member’s websites and sales practises.
As well as this, as a Network Member, you should act upon any feedback provided by ITC
Compliance within agreed timescales and sales documentation must be completed clearly
and with the customer’s agreement.
Management Information
ITC Compliance collates Management Information including the number of policies sold and
the number of complaints received. This is periodically reviewed and considered against the
TCF Outcomes.
This Management Information will also form a standard agenda point of periodic board
meetings.
ITC Compliance Network Member Policies & Procedures Manual v1.3
12
FCA Principles for Business Policy
ITC Compliance Network Member Policies & Procedures Manual v1.3
13
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place. There are 11 Principles.
Purpose
These 11 Principles, along with the 6 Treating Customers Fairly (TCF) outcomes, are central
to everything you do.
This policy sets out the FCA 11 Principles for Business and explains how to adhere to them.
Responsibilities
You should understand that ITC Compliance are required by the FCA to commit to these
Principles and recognise the importance as they impose a wider duty, not only to adhere to
the regulatory rules, but also to conduct activities in the spirit of the principles. This includes
ITC Compliance ’s Network Members.
It is the responsibility of ITC Compliance , to ensure that you fully adhere to these Principles
and therefore this forms the basis of the Terms and Conditions of ITC Compliance Network
Membership. These Terms and Conditions can be found by logging onto ITC Compliance’s
website (www.itccompliance.co.uk) and once logged in clicking on the ‘Terms and
Conditions’ link on the footer of your Home page.
Application
The 11 FCA Principles for Business and how ITC Compliance adheres to them are set out
below:
1. Integrity: ‘A Firm must conduct its business with integrity’. ITC Compliance ensures that
ITC Compliance is able to demonstrate the business is based on honesty, trustworthiness
and sound business dealings.
This is demonstrated in the submission of your regular returns, documented sales practices,
such as the provision of an Initial Disclosure Document (IDD), the completion of a Demands
& Needs documents etc. and within clause 8 of the Terms and Conditions of the ITC
Compliance Network Membership.
2. Skill, Care & Diligence: ‘A Firm must conduct its business with due skill, care and
diligence’. ITC Compliance ensures that you are able to show that your business activities
are structured in such a way that care and diligence are exercised on a continual basis.
This is demonstrated through provision of the on-line training tool, ensuring that every
member of staff is competent to perform their role within your firm. ITC Compliance also
ensures that this Principle is met through monitoring Financial Promotions, website reviews
and the reconciliation of your monthly figures.
3. Management & Control: ‘A Firm must take reasonable care to organise and control its
affairs responsibly and effectively, with adequate risk management systems’.
ITC Compliance has developed robust systems to stay in control of its affairs. These include
the on-line training tool and as previously mentioned this enables ITC Compliance to
demonstrate that all staff undertaking a regulated activity are competent to carry out that
ITC Compliance Network Member Policies & Procedures Manual v1.3
14
activity. ITC Compliance has also developed systems to ensure that policies sold are done
so in a compliant manner, providing the customer with all of the relevant documentation
and information.
As well as this ITC Compliance undertake regular audits, desk based and site based,
monthly call monitoring (where applicable), website reviews and reviews of all Financial
Promotions, providing guidance and approval before they are used in circulation.
We collate all of the information received within Monthly ‘MI’ and this is reviewed on a
regular basis by Senior Management.
4. Financial Prudence: ‘A Firm must maintain adequate financial resources’. ITC
Compliance ensures that it is a financially sound and suitably resourced firm to enable the
undertaking of regulated activities.
It is a requirement within ITC Compliance’s Terms and Conditions of ITC Compliance
Network Membership, under clause 4.1.i) that you shall remain solvent as assessed in
accordance with the Regulations and throughout the term of ITC Compliance’s Agreement.
ITC Compliance shall use Credit Referencing firms to ensure that this is adhered to.
5. Market Conduct: ‘A Firm must observe proper standards of market conduct’. ITC
Compliance conducts business affairs in a manner that is regarded as ‘proper conduct’ and
expects you, as a Network Member, to do the same.
Section 4 of the Terms and Conditions of ITC Compliance Network Membership sets out how
ITC Compliance expects you to comply with this Principle. For example, as an Appointed
Representative Network Member, you must have an Approved Person who meets the FCA’s
criteria and you must be able to deliver the same level of protection to the Customer’s as if
they had dealt with ITC Compliance itself. This can be achieved by following the policies
within this manual and making full use of the systems available to you through the Network.
6. Customers’ Interests: ‘A Firm must pay due regard to the interests of its customers
and treat them fairly’. All customers must be placed at the centre of everything ITC
Compliance do.
ITC Compliance meet this Principle by reviewing Financial Promotions, websites and through
call monitoring to ensure that information is presented in a way that is clear, fair and not
misleading. As a Network Member, this Principle is extremely important and you must place
the same importance upon this as ITC Compliance. For example this Principle can be met by
issuing customers with appropriate IDD/SDD documents, undertaking Demands and Needs
assessments (where appropriate) and by following authorised procedures when selling
insurance to a customer.
7. Client Communication: ‘A Firm must pay due regard to the information needs of its
clients, and communicate information to them in a way which is clear, fair and not
misleading’.
This also falls in line with Treating Customers Fairly and is particularly important when using
Financial Promotions and is the main reason ITC Compliance review all promotions before
they are used. This is explained in more detail within the Financial Promotions and
Marketing Policy.
However you should note that this Principle applies to all communication you have with a
customer, including information given/provided before, during and after point of sale.
ITC Compliance Network Member Policies & Procedures Manual v1.3
15
8. Conflicts of Interest: ‘A Firm must manage conflicts of interest fairly, both between
itself and its customers and between a customer and another client’.
All Conflicts of Interest are to be identified and managed in line with the Conflicts of Interest
policy. Examples of a Conflict of Interest would be if a member of staff was placing large
amounts of business to a particular insurer because they previously worked at the insurer
and still had friends there. Or a product provider who offers a loan and cash gift in the
expectation of getting more business in return. Both of these would have to be reported to
ITC Compliance, in line with the Conflicts of Interest Policy immediately.
9. Relationships of Trust: ‘A Firm must take reasonable care to ensure the suitability of
its advice and discretionary decisions for any customer who is entitled to rely upon its
judgement’.
When selling regulated insurance products, there are two routes that, as a Network
Member, you can take. These are Advised and Non-Advised Sales.
An Advised Sale (you give advice) is where you give advice to a potential customer on the
merits of them buying a specific general insurance product, explaining how this meets their
demands and needs and recommending its purchase. This will be specific and individual
advice to the customer and should not be generic.
The suitability of advice and any other recommendations made by you forms a key part of
the insurance regulatory regime. Therefore the Statement of Demands and Needs is
extremely important in regard to endorsing this Principle. You must always ensure that it
is completed diligently on every occasion and used to examine (amongst other things)
customer eligibility, attitude to risk, other existing insurance policies, and any major
exclusions and benefits.
A Non-Advised Sale (you don’t give advice) is where you provide information only to a
potential customer leaving them to make a choice about how they wish to proceed and with
no recommendation made.
10. Clients Assets: ‘A firm must arrange adequate protection for clients’ assets when it is
responsible for them’.
It is a requirement within the Terms and Conditions of ITC Compliance Network
Membership, under clause 30.1 that no Network Members handle Client Money and under
clause 9.5.ii) that all Network Members shall have risk transfer granted by their Product
Provider(s).
This is usually granted within the Terms of Business Agreement (TOBA) between you and
the specific product provider. In essence it means that all premium monies received by you
should be held in a trust account, separate to all other assets you may hold, and receipt of
these monies by yourself is deemed as being received by the insurer. You are therefore
acting as agent of the insurer in the collecting of these premiums.
11. Relations with Regulators: ‘A firm must deal with its regulators in an open and
cooperative way, and must disclose to the FCA appropriately anything relating to the firm of
which the FCA would reasonably expect notice’.
ITC Compliance makes a point of keeping the FCA informed as to business activities in an
accurate and timely manner. In order to do this ITC Compliance, where applicable, obtain
regular returns from you which enable completion of the Retail Mediation Activities Return
ITC Compliance Network Member Policies & Procedures Manual v1.3
16
(RMAR) report.
It is also a requirement under clause 8.3 of the Terms and Conditions of ITC Compliance
Network Membership that all Network Members co-operate fully with the FCA if they gather
information on their own initiative. This will include information on any Notifiable Incidents
that may have occurred. Such Incidents should also be reported to ITC Compliance in line
with the Regulatory Breaches and Incidents Policy.
Monitoring & Reporting
As previously mentioned, there are a number of ways that ITC Compliance expect you to
report this required information and further details are provided in subsequent policies
within this manual.
Management Information
If ITC Compliance’s systems are used, accurate records in regard to all activities affecting
these Principles will be maintained. However ITC Compliance also expects you to keep your
own records, reviewing them periodically to ensure that compliance is maintained.
ITC Compliance Network Member Policies & Procedures Manual v1.3
18
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principles 1, 2, 3, 6, 7 & 9 are
the most relevant in relation to selling practises. In addition TCF outcomes 1, 2, 3, 4 and 5
also apply.
The Insurance Conduct of Business Sourcebook (ICOBs) within the FCA Handbook outlines
the requirements for the selling of insurance products. Its overall aim is to ensure that
customers are treated fairly by providing them with clear and fair information when they are
sold an insurance product.
Purpose
This document outlines ITC Compliance and Network Member’s regulatory requirements
with regard to undertaking regulated insurance sales (non-advised and advised). It provides
guidance on what should be incorporated into face to face and telephone sales processes in
order to ensure sales are made in a compliant manner and that customer detriment is
avoided.
Responsibilities
ITC Compliance as the Principal will ensure that as a Network Member, you are able to
evidence a culture of good sales practices across all staff and management levels
Application
As per clause 9.2 in the Terms & Conditions of ITC Compliance Network Membership, the
following process should be followed. This process applies to all sales staff on the Network.
It is your responsibility to ensure that the information contained within this policy is
provided to, and understood by, all members of staff for whom ITC Compliance have
regulatory responsibility.
The Sales Process
The sales process described below and the requirements imposed apply to all sales of
insurance products.
There are essentially five broad stages to the sales process (not including the renewal
process):
Step 1 Status Disclosure
Step 2 Eligibility and Disclosure of Material facts
Step 3 Statement of Demands and Needs
Step 4 Product Disclosure
Step 5 Price Disclosure
The specific requirements that need to be followed under each of the headings above are
discussed in more detail below.
The sales process that needs to be followed will vary depending upon whether the firm
operates on an advised or a non-advised basis and applies to all customers. ITC Compliance
operates on both an advised and a non-advised basis, i.e. some firms operate an advised
sales process and others have a non-advised sales process.
ITC Compliance Network Member Policies & Procedures Manual v1.3
19
Advised Sale
An Advised Sale (you give advice) is where you give advice to a potential customer on the
merits of them buying a specific general insurance product, explaining how this meets their
demands and needs and recommending its purchase. This will be specific and individual
advice to the customer and should not be generic.
In this situation it is imperative that the customer is supplied with all of the relevant
documentation, including the Status Disclosure Document, Policy Summary and full policy
terms and conditions to enable the customer to make an informed buying decision
If a firm (Network Member) elects to operate on an advised basis then it must hold the
relevant permissions to do so with ITC Compliance.
It is therefore essential that all staff and agents are aware of what they can and can’t say
when selling insurance products on behalf of the business.
Status Disclosure and Scope of Service
As part of the sales process (both advised and non-advised) all customers must be provided
with the following information:
The name of the firm and the address.
That the firm is an Appointed Representative of ITC Compliance that is authorised and
regulated by the FCA.
The scope of the service to be provided (i.e. that the customer will receive advice).
Whose products the firm will offer, i.e. does the firm only deal with one insurer or will
products/service from a range of insurers be offered?
Whether the customer will have to pay a fee for the services offered.
The process for making a complaint and the availability of the Financial Ombudsman
Service.
That the firm is covered by the Financial Services Compensation Scheme (FSCS).
This information must be provided before the sale is completed. In most cases this
information is provided in an Initial Disclosure Document (IDD). A paper based, bespoke
version of this document can be found under the “Compliance Documents” section of the
ITC Compliance website. The ITC system will also generate a bespoke copy of this document
as you proceed to undertake a sale.
For a face to face sale it is sufficient to provide the customer with a copy of the IDD at the
time of the sale.
For a telephone sale, it is permissible for limited information to be provided over the
telephone, if express consent to receiving only limited information is obtained from the
customer. This is of course on the basis that the full information (i.e. an IDD) is provided to
the customer in written format immediately afterwards (i.e. sent via the post or by email, in
a pdf format, to the customer).
For telephone sales there are two possible scenarios that can be followed, depending on
whether the customer agrees to receive limited information.
If the customer agrees to receive limited information verbally the information that must be
provided is:
ITC Compliance Network Member Policies & Procedures Manual v1.3
20
The name of the sales agent, the firm they represent and the purpose of the call.
Details about the service that can be provided by the firm, i.e. You are an insurance
broker, you will be providing advice.
Whether the customer will have to pay a fee for the services offered.
The possibility of other taxes that may be payable.
Details on the cancellation rights (cancellation rights are only applicable for retail
consumers).
That other information is available on request.
Important: If the customer does not agree to receive limited information, the full
information as set out in the IDD, must be provided verbally to the customer.
Statement of Demands and Needs
If you are following an advised sales process, you must complete a Statement of Demands
and Needs form with the customer. The suitability of advice and any other
recommendations made by you forms a key part of the insurance regulatory regime.
Therefore the Statement of Demands and Needs is extremely important. You must always
ensure that it is completed diligently on every occasion and used to examine (amongst
other things) customer eligibility, attitude to risk, other existing insurance policies, and any
major exclusions and benefits. The form should include the following:
The customer’s specific demands and needs
An assessment of the customer’s affordibility to ensure that purchasing the product will
not cause financial hardship
Confirm that a personal recommendation has been made
Confirm the reasons why that contract is being recommended – i.e. the reasons why the
policy meets the demands and needs of the customer
When operating on an advised basis there are additional requirements that must be fulfilled.
Primarily you must take appropriate steps to ensure the suitability of the insurance product
that you are recommending.
This Statement of Demands and Needs is available through ITC Compliance’s different
systems and therefore does not need to be generated by you. However if for any reason
you feel that the Statement of Demands and Needs does not fit the product being sold, you
must notify ITC Compliance immediately so that any amendments can be made.
The following additional steps should be incorporated into the advised sales process:
Step 1 Establish the
customer’s demands
and needs
Seek relevant information from the customer
concerning their circumstances and objectives
in order to identify their requirements. This
must include any facts that would affect the
type of insurance recommended, such as any
relevant existing insurance policies.
Take into account information known to them,
in respect of other contracts where advice or
information has been provided.
Explain to the customer their duty to not
misrepresent any material facts both before the
contract commences and throughout its
ITC Compliance Network Member Policies & Procedures Manual v1.3
21
duration. The Adviser must take into account
the information the customer discloses.
Step 2 Matching suitability
to products
In assessing whether a contract is suitable to
meet a customer’s demands and needs an
Adviser must take into account:
Whether the level of cover is
sufficient for the risks the customer
wishes to insure.
The cost of the contract where it is
relevant to the customer’s demands
and needs.
The relevance of any exclusion,
excesses, limitations or conditions in
the contract.
The Adviser must inform the
customer of any demands & needs
which are not met.
Step 3 Presenting solutions Advisers must take reasonable steps to ensure
that any personal recommendation made is
suitable for the customer’s demands and needs
at the time the recommendation is made. The
reason why a specific recommendation is being
made must be clarified.
A recommendation may be made that does not
meet all of the customer’s demands and needs
provided:
There is no suitable contract
available.
The Adviser identifies to the
customer, when the personal
recommendation is made, the
demands and needs that are not
met.
If details of the customer’s existing insurance
arrangements are not available and they would
significantly affect the personal
recommendation that would be made then the
Adviser should:
Not make a personal
recommendation until details are
available without making it clear to
the customer that this may not be
suitable because not all details can
be accounted for.
If the customer acts on the personal
recommendation then all these records/details
must be retained and clearly identifiable on the
customer’s file.
ITC Compliance Network Member Policies & Procedures Manual v1.3
22
Non Advised Sales
A Non-Advised Sale (you don’t give advice) is where you provide information only to a
potential customer leaving them to make an informed choice about how they wish to
proceed and with no recommendation made.
In this situation it is imperative that the customer is supplied with all of the relevant
documentation, including the Status Disclosure Document, Policy Summary and full policy
terms and conditions to enable the customer to make an informed buying decision.
Status Disclosure and Scope of Service
As part of the sales process (both advised and non-advised) all customers must be provided
with the following information:
The name of the firm and the address.
That the firm is an Appointed Representative of ITC Compliance that is authorised and
regulated by the FCA.
The scope of the service to be provided (i.e. no advice will be given).
Whose products the firm will offer, i.e. does the firm only deal with one insurer or will
products/service from a range of insurers be offered?
Whether the customer will have to pay a fee for the services offered.
The process for making a complaint and the availability of the Financial Ombudsman
Service.
That the firm is covered by the Financial Services Compensation Scheme (FSCS).
This information must be provided before the sale is completed. In most cases this
information is provided in an Initial Disclosure Document (IDD). This document can be
found under the “Compliance Documents” section of the ITC Compliance website.
For a face to face sale it is sufficient to provide the customer with a copy of the IDD at the
time of the sale.
For a telephone sale, it is permissible for limited information to be provided over the
telephone, if express consent to receiving only limited information is obtained from the
customer. This is of course on the basis that the full information (i.e. an IDD) is provided to
the customer in written format immediately afterwards (i.e. sent via the post or by email to
the customer).
For telephone sales there are two possible scenarios that can be followed, depending on
whether the customer agrees to receive limited information.
If the customer agrees to receive limited information verbally the information that must be
provided is:
The name of the sales agent, the firm they represent and the purpose of the call.
Details about the service that can be provided by the firm, i.e. You are an insurance
broker and you will not be able to provide any advice.
Whether the customer will have to pay a fee for the services offered.
The possibility of other taxes that may be payable.
Details on the cancellation rights (cancellation rights are only applicable for retail
consumers).
That other information is available on request.
ITC Compliance Network Member Policies & Procedures Manual v1.3
23
Important: If the customer does not agree to receive limited information, the full
information as set out in the IDD, must be provided verbally to the customer.
Statement of Demands and Needs
When following a non-advised sales process, the format of the Statement of Demands and
Needs is different as it is simply a statement informing the customer, which of their
demands and needs have been met by the policy. For example; “This product meets the
demands and needs of those wishing to insure the contents of their home.”
A Demands and Needs statement must be provided in writing to the customer before they
buy the policy. If the customer is sold the insurance policy over the telephone this
information can be provided verbally but must be sent to the customer in writing
immediately afterwards.
This Statement of Demands and Needs is available through ITC Compliance’s different
systems and therefore does not need to be generated by you. However if for any reason
you feel that the Statement of Demands and Needs does not fit the product being sold, you
must notify ITC Compliance immediately so that amendments can be made.
Eligibility and Misrepresentation
Eligibility
As a Network Member, it is your responsibility to ensure that their sales process confirms a
customer’s eligibility to claim under the policy. If there are any known exclusions, checks
should be undertaken to see whether these would mean that the customer would be unable
to claim on a policy should the need arise. For example, if the policy would not cover a car
for racing purposes should the policy be sold to the driver looking to take his car racing at
the weekends?
If during the sales process it is identified that only parts of the insurance cover apply to the
customer, then steps must be taken to ensure that the customer is made aware of this.
The golden rule is that the customer must be provided with sufficient information about
what the insurance policy will and will not do, to be able to make an informed decision
about whether that policy is right for them.
Misrepresentation
The insurer will use the information provided by the customer to assess the risks of
providing the cover and to determine whether or not to accept that risk and what the
premium will be. Since the CIA (Consumer Insurance Act) came into effect in April 2013
customers are under a duty not to misrepresent. It is therefore imperative that the
customer is asked specific questions for underwriting purposes and you should not rely
solely on the customer’s disclosures. If key information is omitted during the sales process
but comes to light during the claims process, the insurer could be entitled to reject the
claim. However Insurers cannot decline claims if they have not asked the correct and
relevant question.
ITC Compliance Network Member Policies & Procedures Manual v1.3
24
Important: At any time during the contractual relationship the consumer is entitled, at their request, to receive the contractual terms and conditions on paper. The consumer is also entitled to change the means of distance
communication used unless this is incompatible with the contract concluded or the nature of the service provided.
Product Disclosure
As part of the sales process (both advised and non-advised) customers must be provided
with sufficient and appropriate information about the product to allow them to make an
informed decision. The information should be modified to reflect the type of customer
purchasing the policy.
The information can be provided in a Policy Summary, which must be provided in writing
and must be provided to the customer at the time of the sale (for a face to face sale) or
immediately afterwards (for a telephone sale).
It is not mandatory to provide a policy summary for all products however where this is
provided, the responsibility for creating a policy summary rests with the insurer, whilst the
responsibility for providing the policy summary to the customer rests with you.
Price Disclosure
Before the customer makes the decision to purchase the policy they must be provided with
details of the full price to be paid for the insurance product to ensure that purchasing the
policy will not cause any financial hardship to the customer. This will need to be broken
down to include:
The cost of the insurance policy, including IPT
The cost of any optional extras (i.e. legal expenses), including IPT
The total cost payable (i.e. the insurance premium plus the cost of optional extras)
Providing Evidence of Cover
Following the conclusion of the sale the customer should be provided with:
Confirmation of the insurance, including a breakdown of the total premium paid
Evidence of the cover provided
Full policy wording containing all the terms and conditions
Details on how to cancel the policy (NB cancellation rights are only applicable for retail
consumers)
Details on how to make a claim
Details on how to complain and the right to refer complaints to the Financial
Ombudsman Service (FOS)
Details of the Financail Services Compensation Scheme (FSCS)
Cancellations
Retail consumers are provided with cancellation rights. Effectively this means that they
have 14-days (30 days for protection policies) in which to change their mind about the
purchase of their insurance policy. If a retail consumer wants to cancel their insurance
policy they do not have to provide any reason for the cancellation.
The cancellation period begins from the day the policy is sold; or if later, from the day that
the retail consumer receives the policy terms and conditions.
ITC Compliance Network Member Policies & Procedures Manual v1.3
25
Where a retail consumer chooses to cancel their policy within the cancellation period they
are entitled to a full refund of the premium paid. The only exceptions to this are where a
claim has already been made and paid under the policy, or if a cancellation/administration
fee is payable.
Renewals
This section is only applicable if you carry out policy renewals on behalf of an Insurer.
The customer must be provided with full renewal terms, including a breakdown of the cover
and price. The renewal terms must include the following information:
Details of the insurance cover provided, including any optional extras selected (NB it
must be clear to the customer what level of cover is provided and which extras selected
are optional).
A full breakdown of the renewal premium (see Section 3.7 Price Disclosure)
Details of the renewal date and whether the policy will renew automatically or if the
customer needs to take some action
Evidence of the cover provided.
A statement of any changes to the terms of the policy and an explanation of those
changes.
A statement advising the customer who they should contact if their circumstances have
changed and they need to make amendments to their policy.
The materials facts disclosure (see Section 3.4)
As a general rule, customers should be provided with renewal documentation at least 21
days before the renewal date. This is to ensure that all customers have sufficient time to
review the documents, make any amendments if necessary or seek alternative providers.
Reporting and Monitoring
ITC Compliance’s bespoke system allows for the monitoring and reporting of both advised
and non-advised sales.
Where appropriate it is your responsibility to report your sales figures to ITC Compliance
through your periodic returns.
All scripted sales processes are approved by ITC Compliance prior to use; any new script
request should follow the Financial Promotions Policy procedure.
ITC Compliance Network Member Policies & Procedures Manual v1.3
27
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principle 3 is the most relevant
to remuneration. In addition Treating Customers Fairly outcome 1 also applies.
In addition the following rule from the Systems and Controls Rulebook: SYSC 3.1.1R A firm
must take care to establish and maintain such systems and controls as are appropriate to its
business.
Purpose
ITC Compliance is required to manage Network Member’s staff remuneration, including
incentives in such a way that any potential risk of miss-selling is reduced.
As per clause 5.3 within the Terms and Conditions of ITC Compliance Network Membership,
you may not accept any secret profit, income or inducement from any Product Provider,
which provides an incentive to promote or recommend any one product in preference to
other products.
The FCA has published guidance in this area including good and bad practice.
This policy refers to that guidance to aid understanding of the requirements when
considering how staff and management working in an FCA regulated environment should be
remunerated. It also details the risk mitigation actions that both ITC Compliance and you
should take.
Responsibilities ITC Compliance has documented and implemented robust procedures for the effective management of remuneration schemes.
Application
It is acceptable to incentivise staff to sell, but this must never be at the customer’s expense
and the risks will be managed appropriately.
The FCA has highlighted a series of failings, which are detailed below. Management must
consider these when any incentive or remuneration scheme is created or reviewed:
Firms failing to identify how incentive schemes might encourage staff to miss-sell,
suggesting they had not sufficiently thought about the risks.
Firms failing to understand their own incentive schemes because they are so complex,
therefore making it harder to control them.
Firms not having enough information about their incentive schemes to understand and
manage the risks.
Firms relying too much on routine monitoring, rather than taking account of the specific
features of their incentive schemes.
Sales managers with clear conflicts of interest that are not properly managed.
Firms having links to sales quality built into their incentive schemes that were
ineffective.
Firms not doing enough to control the risk of miss selling in face-to-face situations.
ITC Compliance Network Member Policies & Procedures Manual v1.3
28
Your remuneration scheme must be documented and available upon request at audits
undertaken by ITC Compliance.
ITC Compliance use the term ‘mis-selling’ in this document to refer to a failure to deliver the
following fair outcomes for consumers:
customers are treated fairly (TCF 1)
customers understand the key features of the product and whether they are being given
advice or information (TCF 3, 4)
customers are given information that is clear, fair and not misleading (TCF 3)
information that enables them to make an informed decision before purchasing a
product or service (TCF 3)
customers buying on an advised basis are recommended suitable products. (TC4)
As part of your remuneration policy, management must consider the following:
if the incentive schemes increase the risk of mis-selling
review whether the governance and controls are adequate
take action to address any inadequacies – this might involve changing the scheme
where risks cannot be mitigated, take action to change the scheme
consider the impact of performance management for scheme members
A good Incentive Scheme should include the following:
a quality (compliant) element
consideration of client cancellations
a capped (or decreasing) incentive i.e. reducing or capping bonus’ when a sales volume
is approached. This avoids the temptation to rush sales through
deferred bonus payment (maybe subject to quality over a longer period e.g. half year,
yearly)
balanced scorecard, incorporating 4 measures that the sales staff will be assessed
against. One of these measures must be from a customer’s perspective (TCF). An
example of this is shown in Appendix 2.
No scheme must contain significant remuneration boosts for achieving sales targets alone at
given points in time. These are known as ‘cliff edges’ or ‘precipices’.
Monitoring & Reporting
You must maintain records of all incentive schemes for all employees
Management Information
You should ensure all staff have documented Key Performance Indicators (KPI’s) which may
be periodically reviewed to ensure there are no incentives to mis-sell as per the FCA
guidance.
ITC Compliance Network Member Policies & Procedures Manual v1.3
30
Introduction
The Financial Conduct Authority (FCA) expects businesses to conduct their business within
the rules and Principles for Business they have put in place. There are 11 Principles in total;
however Principles 1 and 3 are most relevant to recruitment:
1. Integrity: A Firm must conduct its business with integrity.
3. Management & Control: A Firm must take reasonable care to organise and control its
affairs responsibly and effectively, with adequate risk management systems.
In addition the following rule applies from the Systems and Controls Rulebook: SYSC 3.1.1R
A firm must take care to establish and maintain such systems and controls as are
appropriate to its business.
In addition, Treating Customers Fairly customer outcome 1 is;
1. Customers can be confident that they are dealing with a firm where the fair
treatment of consumers in central to the corporate culture.
If the recruitment is for an Approved Person then there is an additional requirement that
ITC Compliance satisfies the FCA that a candidate is fit and proper to perform the controlled
function applied for.
Purpose
ITC Compliance perform adequate due diligence when recruiting new staff into a regulated
environment
Recruiting an inappropriate individual could lead to customer detriment and/or negative
action against ITC Compliance which could lead to regulatory fines or penalties.
This policy sets out guidance to aid understanding of the requirements when recruiting in an
FCA regulated environment. It is not intended to cover all Human Resource or Equal
Opportunities obligations.
Responsibilities
ITC Compliance has documented and implemented robust procedures for the effective
recruitment of new staff.
ITC Compliance Network Member Policies & Procedures Manual v1.3
31
Application
ITC Compliance has implemented robust procedures around recruiting new staff.
If the recruitment is for an Approved Person i.e. someone who carries out one of the below
defined FCA controlled functions then additional fitness and Propriety requirements apply.
Significant influence
functions (SIF)
CF 1 Director function
CF 2 Non-executive director function
CF 3 Chief executive function
CF 4 Partner function
CF 5 Directors of an unincorporated association
CF 6 Small friendly society function
CF 8 Apportionment and oversight function (Non-MiFID business
only)
CF 10 Compliance oversight function
CF 10A CASS Oversight Operation Function
CF 11 Money laundering reporting function
CF 12 Actuarial function
CF 12A With-profits actuary function
CF 12B Lloyd's Actuary function
CF 28 System and controls function
CF 29 Significant management function
Customer functions CF 30 Customer function
The requirements around Approved Persons fitness and Propriety are covered in more detail
in the Approved Persons Policy.
Regardless of whether an individual holds a controlled function they still need to be
competent to perform their work in a regulated environment.
It is the responsibility of the CEO and Director to ensure that all staff are competent to fulfil
such roles. Given the risk that poor management can pose to our financial soundness, ITC
Compliance ensure that such Approved Persons are ‘fit and proper’ to carry out their roles.
Monitoring & Reporting
ITC Compliance maintain our own records in relation to recruitment, this will include:
References obtained on individuals covering the last two years
Work history over the past five years
Form A and FCA correspondence if holding a controlled function (CF)
Details of history where this may have an impact on ITC Compliance or could
potentially lead to consumer detriment
Proof of ID and entitlement to work in the UK
As an ITC Compliance Network Member you should ensure all staff engaged in
regulated activity are able to meet the required standards set out in this policy. This
includes the ability to pass training modules and conduct sales in a competent and
compliant manner. ITC reserve the right to decline an individual’s approval to conduct
regulated activity, should they fall short of the required standard.
ITC Compliance Network Member Policies & Procedures Manual v1.3
32
The CEO and Director within ITC Compliance will have overall responsibility for adherence to
this policy.
Management Information
ITC Compliance verifies work and personal history appropriately in relation to the function
they are to perform.
Record Keeping
ITC Compliance will retain copies of recruits’ references
These records will be retained in line with ITC Compliance record keeping policy.
This policy will be reviewed periodically and historical records of changes retained for 6
years.
ITC Compliance Network Member Policies & Procedures Manual v1.3
34
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principles 5, 6, 8, 9 and 11 are
most relevant to complaint handling. In addition Treating Customers Fairly Outcomes six is
also relevant.
Purpose
The definition of a complaint is:
“Any expression of dissatisfaction, either oral or written, whether justified or not, from or on
behalf of, a customer or prospective customer, in relation to a regulated activity.”
As a Network Member of ITC Compliance, ITC Compliance expects all complaints, as defined
above, to be passed to them as soon as they have been received. Further details can be
found later in this policy.
Responsibilities
In the event that a customer wishes to complain or express dissatisfaction about an
insurance product sold by you, you must ensure that all staff are familiar with the
complaints process and understand how to handle such a situation.
As per section 10 in the Terms and Conditions of ITC Compliance Network Membership, all
complaints received with regard to General Insurance Products, for sales made or advice
given whilst you are/were a member of the ITC Compliance Network, must be submitted to
ITC Compliance IMMEDIATELY.
Application
In order to deal with complaints, ITC Compliance use and maintain a comprehensive
Complaints Management System.
You must provide ITC Compliance with any information, assistance or clarification as
required to investigate the complaint fully and thoroughly.
All complaints must be registered whether or not the complainant appears to be justified in
his/her actions. You can register the complaint using the Complaint Reporting Form
(Appendix 3) or through ITC Compliance’s website. When registering the complaint through
the ITC Compliance website select the ‘add a complaint’ option from the navigation page
and follow the onscreen instructions. Once you have submitted your complaint you will be
presented with a Complaint ID for your reference. From the complaints submission you will
also be able to access active and archived complaints, simply follow the onscreen
instructions.
In the event of a serious complaint being upheld against you, ITC Compliance reserves the
right to amend or revoke Membership of the Network. Should the customer complaint be
upheld and compensation payable in line with ITC Compliance Terms & Conditions of
Business, this will be your responsibility.
If you receive a complaint with regard to the sale of a General Insurance Products prior to
you becoming an ITC Compliance Network member, it should be dealt with directly by you.
ITC Compliance Network Member Policies & Procedures Manual v1.3
35
Upon receipt of the form ITC Compliance shall:
Date stamp it, and log it on the Complaint Management System.
Assess if the complaint is for you or a third party, e.g. insurer.
If the complaint is not for ITC Compliance, the Complaint Handler will ensure it is passed to
the correct business immediately, by use of the quickest method, e.g. scan to email or fax
to their nominated Complaint Handler.
Once the complaint has been logged and it has been established that the complaint is to be
handled, ITC Compliance shall undertake a thorough review to ascertain if the complaint can
be resolved by close of play of the next working day. If ITC Compliance feels it can be
resolved within this timescale, ITC Compliance shall contact you and provide their findings
so that you can decide if you wish to proceed with the resolution.
If a complaint is resolved by the close of the next working day, there is no requirement for
it to be reported to the FCA.
Investigating the complaint
Once a complaint has been received, ITC Compliance has 8 weeks or 56 days to undertake
a thorough investigation. During the investigation of the complaint ITC Compliance may ask
for further information from the complainant and yourselves. When this request is received,
ITC Compliance must receive a prompt response from you, even if you do not have the
information requested. If this is the case, your prompt response will allow ITC Compliance
to pursue other avenues to obtain the required information.
If after 8 weeks or 56 days, the required information has still not been received from the
complainant or Claims Management Company, which would allow ITC Compliance to resolve
the complaint, an 8 week holding letter is issued to the customer. This will detail the exact
information outstanding and explain the reasons why ITC Compliance is not able to respond
without this information.
If the information ITC Compliance are waiting for has been requested from the customer,
ITC Compliance shall confirm ITC Compliance are closing their complaint, however, upon
receipt of the required information, the complaint will be re-opened and investigated fully.
If the information has been requested from you or another third party, ITC Compliance shall
explain this to the customer and provide them with a timescale for when ITC Compliance
expect to issue a response. ITC Compliance will also provide them with details of how to
contact the Financial Ombudsman Service and the applicable 6 month time limit, if they are
not satisfied with this outcome.
Upon receipt of all of the required information ITC Compliance shall present its findings to
you with a recommendation of how to answer the complaint. Should you disagree with this
recommendation, ITC Compliance will make a decision based on all available evidence,
taking into account regulatory and FOS precedents and our previous experience of any
similar related complaints. This is in our capacity of Principal and being directly responsible
to the FCA. Throughout this process ITC Compliance shall be on hand to offer advice if it is
required.
ITC Compliance Network Member Policies & Procedures Manual v1.3
36
A table of decision definitions is below:
Decision definitions:
Upheld Where ITC Compliance agree with all the issues being raised by
the complainant and may recomend redress/compensation or ex
gratia payment.
Partially
Upheld
Where ITC Compliance agree that some of the issues being
raised were the fault of the Network Member and may recomend
redress/compensation or ex gratia payment.
Rejected Where ITC Compliance do not agree with the complainant, no
payment of redress/compensation or ex gratia will be made.
Once the decision has been made, a final response letter is drafted and sent to you for
review before being issued to the customer via recorded delivery post. This letter will also
provide the customer with details of how to contact the Financial Ombudsman Service and
the applicable 6 month time limit, if they are not satisfied with this outcome.
Redress/Compensation
All redress and compensation payments are the responsibility of the
Network/Former Network Member.
In many cases the amount of redress/compensation will involve an element of judgment as
to what is appropriate; however, care should be taken to ensure that any redress is fair and
consistent across complaints that are of a similar nature. The fundamental objective of
redress is to put the eligible complainant back into the position they would have been
in if the issue had not occurred.
All redress, including compensation, ex gratia and goodwill gestures should be approved and
authorised by ITC Compliance, before being offered.
The Financial Ombudsman Service (FOS)
The FOS is an independent dispute resolution service available to eligible complainants.
Complainants have 6 months from the date of the final response letter to take their
complaint to the Ombudsman if they remain unhappy with the final decision. If the
complainant exercises this right, the Ombudsman will contact ITC Compliance in order to
obtain sufficient information to carry out their own investigation. The FOS will charge a fee
to the company for every complaint that it has to adjudicate upon.
Any correspondence you receive from the FOS must be sent to ITC Compliance, who will
check the Complaint Management System to establish the status of the complaint (new or
existing, open or closed). ITC Compliance is responsible for all FOS correspondence and
assessing whether the FOS involvement can be challenged or negotiating where settlement
can be arranged informally.
The FOS will consider complaints from an eligible complainant, where a final response has
been issued or where the complaint has been outstanding for a period of over 8 weeks. An
eligible complainant can be classed as:
ITC Compliance Network Member Policies & Procedures Manual v1.3
37
A Consumer: an Individual acting in his or her own private capacity. Examples
would be customers with GAP, SMART, Mechanical Breakdown Insurance and Rescue
and Recovery Insurance.
A Micro-Enterprise: a business which employs fewer than 10 people and has a
turnover that does not exceed €2 million.
If a consumer takes a complaint to the FOS before complaining to ITC Compliance, the
FOS will refer the complaint back to ITC Compliance to be fully investigated. If the
complaint is then resolved to the consumer’s satisfaction, they will have no further
involvement in the case.
Financial Ombudsman Process
When the FOS receives a complaint they will notify ITC Compliance in writing. At this point
ITC Compliance shall inform you of their involvement and provide them with the Final
Response and all supporting Documentation. They will conduct an independent review and
respond to ITC Compliance and the customer when a decision has been made. If the FOS
find in favour of the customer and decides that redress is payable, ITC Compliance are able
to appeal this decision.
Details of the FOS’ decision will be sent to you with confirmation of how ITC Compliance is
to proceed. If ITC Compliance are appealing the adjudication ITC Compliance will explain
the decision to the FOS and ask that an Ombudsman to review the case.
The case shall then be passed to an Ombudsman, who will make a final decision on whether
to uphold or reject the complaint. If the complaint is upheld by the Ombudsman, this
outcome is binding on ITC Compliance and yourselves and will be dealt with promptly. The
FOS will generally try to negotiate an agreed settlement with both parties before reaching a
final decision.
Case fees
Under Clause 5.5 and 12.1 in the Terms and Conditions of ITC Compliance Network
Membership, you are responsible for settling your own fees when the invoice is received by
ITC Compliance from the FOS. A case fee becomes “chargeable” when the complaint is
passed on for investigation to the FOS casework teams and is payable when the case is
settled and closed. An invoice for the case fee will usually be sent to ITC Compliance at the
end of the month in which the case is closed.
The current case fee is £550 for general insurance; however this fee will not be chargeable
if ITC Compliance can negotiate a settlement with the complainant prior to investigation by
FOS.
Monitoring & Reporting
ITC Compliance maintains complaint records to ensure that all complaints are dealt with
within the FOS 8 week timescale.
ITC Compliance will also monitor the causes of a complaint to ensure that any common
causes are identified to mitigate future complaints. One way of achieving this is through
Root Case Analysis (RCA).
ITC Compliance Network Member Policies & Procedures Manual v1.3
38
Management Information
Management information pertaining to the results of Complaint handling will capture:
The outcome and any redress paid
The root cause of complaints and resultant action
Any FOS referred complaints
Any feedback necessary and given to the AR or Network members
ITC Compliance Network Member Policies & Procedures Manual v1.3
39
Financial Promotions & Marketing Policy
ITC Compliance Network Member Policies & Procedures Manual v1.3
40
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principles 6 and 7, as detailed in
the FCA Principles for Business Policy, are most relevant to financial promotions and
marketing material. In addition, TCF outcomes 2, 3 and 5 also apply
To ensure that these principles and TCF outcomes are met, the FCA has set out specific
rules and guidance around financial promotions, within the FCA Handbook, Insurance
Conduct of Business sourcebook chapter 2.2 Communications to clients and financial
promotions.
This policy sets out procedures to allow you to adhere to the handbook.
Purpose
As your Principal, it is ITC Compliance’s responsibility to ensure that financial promotions
and marketing material produced by you are clear, fair and not misleading. ITC
Compliance also ensures that you incorporate all the legal requirements and can evidence
meeting the principles and TCF customer outcomes.
This policy sets out guidance for Network Member’s staff to follow to aid development and
approval of financial promotions and marketing material.
Responsibilities ITC Compliance have documented and implemented robust procedures for the effective management, design, production and use of all Financial Promotions.
All Network Members must have financial promotions approved by ITC Compliance, prior to
use.
It is extremely important, that the Financial Conduct Authority’s logo is not used
on any documentation produced by you as this is subject to copyright.
Application
The Financial Promotions, Marketing and Customer Facing Material that ITC Compliance will
approve include the following:
advertising
standard letters
press releases
forms
internet copy (i.e. text) and websites
mobile phone, radio and television communications, and
new media (including social networking websites, forums, blogs and iPhone applications),
telesales scripts
face to face system generated questions
The above list is not exhaustive
As a Network Member, you are responsible for creating the financial promotion and
submitting them to ITC Compliance for sign off and authorisation for use. However before
ITC Compliance Network Member Policies & Procedures Manual v1.3
41
submitting the financial promotion to ITC Compliance you should complete the Financial
Promotions Checklist (Appendix 1). This should be attached to the Financial Promotion when
it is submitted for sign off.
We will not accept any Financial Promotion that does not have a completed
checklist attached.
You should submit all Financial Promotions to the Compliance Department for review via
[email protected]. Once received you should allow 5 working days for
the Compliance team to review the promotion and provide feedback.
Where feedback is given, this should be acted upon swiftly. It is your responsibility to
ensure that the feedback is acted upon and any amendments are sent back to the
Compliance Officer, handling the promotion, for final sign off.
Once the required amendments have been received or the Compliance Officer is happy that
the promotion satisfies all of the regulatory requirements, final sign off shall be given. This
will be given via email and will be accompanied by a reference number and a validity period.
Please note ITC Compliance only look at adverstiments or promotions in line with FCA
requirements. It is your responsibility to ensure that your advertisment meets with other
relevant advertising codes and legislation.
Under no circumstances can a promotion be used without first obtaining this sign off or
outside of the validity period (normally 1 year from the date the promotion is signed off). If
the validity period expires you must resubmit the promotion for review and sign off.
ITC Compliance will keep sufficient records of all financial promotions submitted. This will
include version control, target audience, medium used (e.g. magazine), validity period and
sign off.
ITC Compliance Network Member Policies & Procedures Manual v1.3
42
When signing off a financial promotion, ITC Compliance will consider the following: -
The content should include reference to the company (or trading) name and an address
or contact point; this should also include the telephone number at which the company
may be contacted
The content should clearly state the Firms Regulatory Status e.g. as an Appointed
Representative
Where a promotion features benefits and associated exclusions these must be shown in
equal prominence, this also includes the font size used in the promotion.
All statements and comparisons should be accurate, have been checked and can be
supported by evidence.
Marketing ‘language’ should not be exaggerated or over-promised.
Benefits should be factual and not over-stated.
The product being promoted in the advertisement/financial promotion should be suitable
for the target audience.
The language used should be clear and as jargon-free as possible (particularly in relation
to terms, conditions and exclusions). Jargon terms that are included should be explained
or a cross reference provided.
Product restrictions, exclusions or limitations must be in plain English.
If the premium is shown, it should be clear that this includes Insurance Premium Tax.
Where applicable a firms VAT number should be clearly displayed.
The following regulatory statement should be included on the promotion; [Enter firm
name] is an appointed representative of ITC Compliance Limited which is authorised and
regulated by the FCA (their registration number is 313486) and which is permitted to
advise on and arrange general insurance contracts.
Adherence to this policy is vitally important failure to comply could result in you being in
breach of regulations and possible mis-representation of products and/or services. As a
result you may be liable to both ITC Compliance and regulatory focus and possible censure.
Monitoring & Reporting
ITC Compliance will maintain records of all financial promotions, including:
type of material, e.g. letter, website text
target audience, e.g. end customer, AR, Broker
the business owner/requestor
evidence of TCF consideration – document how this has been considered
date submitted for business sign off and who to
date returned following business sign off and who approved it
approved/not approved and reasons for non approval
version control
all correspondence e.g. emails relating to financial promotion/marketing material;
how long approval is valid for
As a Network Member you should also maintain records of all financial promotions
submitted, especially the validity period assigned to a specific promotion. This should be
kept within your Financial Promotion Register (Appendix 4)
ITC Compliance Network Member Policies & Procedures Manual v1.3
43
Management Information
ITC Compliance will review financial promotion Management Information to identify and
monitor any relevant trends. This could include, for example, complaints Management
Information resulting from a misleading financial promotion. Appropriate action will be taken
for any trends identified.
ITC Compliance Network Member Policies & Procedures Manual v1.3
45
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principles 2, 3, 6 and 9 are
most relevant to business assurance. In addition Treating Customers Fairly Outcomes 1, 2,
3, 4, 5 and 6 also apply.
Purpose
ITC Compliance ensure that all regulated activities are undertaken within the scope of the
FCA rules and regulations by means of site audits, document reviews, website reviews, call
monitoring, mystery shopping, file reviews and reviews of your regular returns.
This policy sets out how ITC Compliance ensures Business Assurance and the procedures
you need to follow to achieve this.
Responsibilities
ITC Compliance has documented and implemented robust procedures for the effective
management of Business Assurance and you are responsible for assisting ITC Compliance in
providing the required information to allow them to fulfil these obligations.
Application Document Reviews
ITC Compliance has robust procedures for the production and approval of compliance
documents. This includes, but is not limited to:
Initial Disclosure Document
Statement of Demands and Needs
Status Disclosure Document
All approval requests should be submitted as per the Financial Promotions Policy.
Documents will be periodically reviewed in the event of changes in FCA regulations. Any
non-compliant or non-approved material should be destroyed.
Failure to comply with this policy could result in being in breach of regulations and possible
miss-representation of products and/or services and therefore liable to regulatory focus and
possible censure.
Website Reviews
In line with clause 9.4 within the Terms & Conditions of ITC Compliance Network
Membership, ITC Compliance shall undertake reviews of your website(s). This is to firstly
ascertain if insurance is sold via the website.
If this is the case, ITC Compliance shall review the entire sales path to ensure that all
insurance policies are being sold compliantly. ITC Compliance follows a checklist that maps
the requirements against the ICOBS rulebook and TCF outcomes to ensure that the website
meets regulatory requirements.
ITC Compliance Network Member Policies & Procedures Manual v1.3
46
All reviews are documented within ITC Compliance’s website review log and any feedback
will be sent to you. Once this feedback has been received you should act upon it accordingly
and in a prompt manner. This is extremely important as your website will be live 24 hours a
day and therefore if there are problems, a customer may be mis-sold a general insurance
policy at any time. This could lead to poor TCF outcomes and complaints.
If, during the review ITC Compliance find any major issues, or if you have not acted on
feedback within a timely manner, ITC Compliance may ask you to take down your website
until such a time that ITC Compliance are satisfied it meets regulatory standards.
All new Network Member applications shall be subject to a website review and if any issues
are found the same process will apply.
Once ITC Compliance is happy with the content of your website ITC Compliance shall
provide you with final sign off. This will be provided in writing to allow a record to be kept.
All websites will be subject to an annual review to allow for any regulatory changes that
may occur.
Call Monitoring
ITC Compliance recognises the importance of ensuring that all sales comply with the
Treating Customers Fairly outcomes and Insurance Conduct of Business Sourcebook
(ICOBS) rules, where applicable. Although it is not a FCA requirement, ITC Compliance also
understands that in order to achieve this, best practice dictates that calls are recorded.
With this in mind ITC Compliance monitor recorded sales calls and have stringent processes
in place to ensure that if any discrepancies are found, these are dealt with efficiently by
both providing feedback to the individual employee and contacting the customer to rectify
any errors.
In order to achieve this, ITC Compliance use a call monitoring check-sheet, an example of
which can be found in Appendix 5. This has specific criteria, which must be met by the
individual Sales Agents and if the criteria is failed it provides details on the specific ICOBS
rule, TCF outcome and non-regulatory requirements it has failed against, thereby making it
easier to evidence when providing feedback to the individual.
In order to comply with this, it is a requirement that where you sell via the telephone, all
sales calls should be uploaded by the 10th of each month via the secure FTP server, Winscp.
This program can be downloaded from the internet and a “how to guide” is available within
the documents section on the ITC Compliance website.
Where available, ITC Compliance shall monitor a sample of the sales calls per month and
provide feedback via email. You should then act promptly following receipt of this feedback
to allow for any errors or issues to be rectified.
The feedback is provided in writing to ensure a record is kept.
As per clause 9.3 of the Terms and Conditions of ITC Compliance Network Membership, all
calls should follow the previously authorised telesales scripts available on the ITC
Compliance website. If you wish to change this in any way, this should be submitted to ITC
Compliance for approval before being used.
ITC Compliance shall review these scripts periodically to ensure they are in line with any
regulatory changes.
ITC Compliance Network Member Policies & Procedures Manual v1.3
47
Mystery Shopping
Depending on the nature of the products sold and the sales channels you use, ITC
Compliance may conduct thematic risk based mystery shopping on you. Questions will
predominately be based on ascertaining product knowledge and the staff members
understanding of the sales process. Feedback will be given to the Network Member once
findings are completed and any remedial action plan will be agreed.
File Reviews
ITC Compliance undertake random file reviews, as a way of ensuring Network Members
remain compliant with ICOBS rules and TCF outcomes.
ITC Compliance will review a sample of all sales made at all audit visits, reviewing the
electronic and paper files attached to a sale. The reviews will be documented on a File
Review Form, with an electronic copy of this form saved on the system.
Once the review has been completed, any required feedback will be given to you in writing,
allowing for any issues, errors or discrepancies to be resolved. Periodic Returns
Where appropriate you are required to submit a return to ITC Compliance. This confirms
policy numbers sold as well as premium and commission. It also includes questions in
relation to remuneration and Approved Persons.
In addition there is the ability to advise of any staff changes, there is also a requirement to
reconfirm adherence to the ITC Compliance terms and conditions of being a Network
Member.
This document is checked by ITC Compliance to ensure that they have been completed
correctly. If any issues are identified following this process, you will be notified in a timely
manner.
Observations
Monitoring & Reporting ITC Compliance monitor that you are compliant with ICOBS rules and the TCF Outcomes as
set out by the FCA through way of Business Assurance.
If, through the process of monitoring calls or reviewing compliance documents or files, an
error is identified, ITC Compliance have robust procedures in place to mitigate any losses
that may occur.
Where appropriate you are required to have staff involved in regulated activity observed
in this process. This would include such activity as sales and claims management. This is
an ITC Network Membership requirement. Any exempt staff must be agreed with ITC
Compliance. Examples of exempt staff would include those in an admin only function with
no client interaction. Examples of observation forms are available on the ITC Compliance
website. These must be kept on file and may be requested for review at any audit
ITC Compliance Network Member Policies & Procedures Manual v1.3
48
All reviews are recorded on ITC Compliance’s system and any feedback required is provided
to you, in writing. This ensures that the process is transparent and if any issues occur on
multiple occasions, it is easier to identify them.
If, through the review of a file, document or sales call, it is clear that an issue identified has
affected a customer, ITC Compliance shall contact you as soon as it becomes apparent. You
should then contact the customer affected at the earliest opportunity to rectify the identified
error.
If the original Sales Agent is unable to resolve the issue, you will need to decide on the best
course of action to bring the issue to a speedy resolution. If you require additional support
and guidance to meet this requirement ITC will provide all guidance required.
Where applicable, Returns are assessed once submitted and any discrepancies will be
clarified with you.
Failure to submit returns can lead to suspension or termination from the Network.
As a Network Member, you will be subject to periodic site based audits, these audits will
include:
File Reviews
Training Review (including Observations)
Financial Promotions and Documentation Review
Periodic return submission
Staff and Management Interview
Action plan for any identified issues or concerns
If you should fail to comply with repeated reasonable requests from ITC Compliance then
your account can be suspended, meaning you will be unable to transact any regulated
insurance business.
Examples of reasonable requests would include, but are not limited to;
Staff outstanding training and observations
Outstanding Periodic Returns
Outstanding audit action points
Management Information ITC Compliance review the Management Information collected while carrying out call
monitoring, document and file reviews to identify any issue trends. ITC Compliance act upon
this information to ensure that any recurring issues are mitigated and, if necessary,
processes are changed to achieve this.
ITC Compliance Network Member Policies & Procedures Manual v1.3
50
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principles 2, 3, 6 and 11 are
most relevant to training and competence. In addition Treating Customers Fairly outcome 1
and 2 also apply.
To ensure that these principles and TCF outcomes are met, the FCA has set out specific
rules and guidance around Training & Competency, these can be found in the FCA
Handbook, Senior Management Arrangements, Systems and Controls sourcebook (SYSC)
chapter 3.1.6 System and Controls and FCA Handbook Training & Competence Sourcebook
(TC).
Purpose
ITC Compliance ensure that all staff carrying out regulated activities, e.g. selling an
insurance product, receive adequate training and are competent in the role they perform.
ITC Compliance incorporates all the legal requirements and evidence meeting the principles
and TCF customer outcomes.
This policy sets out how ITC Compliance ensures that all Network Member’s staff are trained
and competent in the role they perform.
Responsibilities
ITC Compliance document and implement training programmes to ensure that all staff
carrying out regulated activities are competent within their role.
Your Approved Person has overall responsibility for ensuring that all relevant staff follow this
programme.
Application
The FCA defines competence as:
Having the skills, knowledge and expertise needed to discharge the responsibilities of an
employee's role. This includes achieving a good standard of ethical behaviour.
As per section 7 of the Terms and Conditions of ITC Compliance Network Membership, ITC
Compliance have implemented an online training tool to ensure that all staff (users)
carrying out regulated activities are competent within their role.
Each user has their own log in that is linked with their accounts within the sales systems.
Therefore if the user has not completed their training, the system will not allow them to
undertake the regulated activity specific to the training i.e. sell regulated products
You must not under any circumstances use a colleague’s log in to undertake a
regulated activity.
Once the user has logged into the training system they will need to open a training course
to complete, this has been specifically allocated by ITC Compliance to ensure that the
correct training is being undertaken.
ITC Compliance Network Member Policies & Procedures Manual v1.3
51
Once the training course has been selected the user must complete their CV. This provides
ITC Compliance with some details of the user such as their employment history and
qualifications and information about their fitness and propriety. The user is then able to
select the optional (product specific) training modules that require completion. ITC
Compliance will pre select these, although the user must tick the modules within their CV to
ensure they appear within the course. The user is then able to start their training.
The first step is to complete an assessment against the core and optional (product specific)
modules. ITC Compliance have designed the online training tool to meet the regulatory
requirements set out by the FCA and as such expect each user to complete the following
core modules;
Treating Customers Fairly
Money Laundering
Data Protection Act
Introduction to the Financial Conduct Authority (FCA)
Risk
Contract & Agency
Insurable Interest
Utmost Good Faith
Proximate Cause
Indemnity
Contribution & Subrogation
The optional (product specific) training modules are determined by the products you sell.
Therefore although these are classed as ‘optional’, it is imperative the user completes these
modules as not doing so, will prevent them from selling.
Once the assessments have been completed, the user is provided with a bespoke
action/development plan with comprehensive study material for any assessments they may
have failed. This ensures the user’s training is specifically targeted at areas of weakness
within their regulatory and product knowledge.
The user is then able to read the study material before completing a second module specific
assessment. If they fail this assessment they are able to review the study material as many
times as they wish to aid them in passing the required assessments.
Once all of the relevant training has been completed, the user is able to sell the insurance
products allocated.
A user’s training will expire after a year and must be retaken annually.
If the user is unsure of anything or requires a reminder of any of the aspects covered by the
training, they may refer back to all of the study material provided under the training course
at any time.
All users have accesse to a copy of their personal training records, held by ITC Compliance,
which can be viewed online at any time.
Monitoring & Reporting
ITC Compliance will maintain suitable supervision as per the Business Assurance Policy.
ITC Compliance will also provide details to the FCA on the number of employees selling
ITC Compliance Network Member Policies & Procedures Manual v1.3
52
general insurance on an advised basis, via the RMAR (Retail Mediation and Activities
Return).
Management Information
ITC Compliance will review all Management Information on employee training records to
ensure all of your staff are competent within their individual job roles.
ITC Compliance Network Member Policies & Procedures Manual v1.3
54
Introduction
The Financial Conduct Authority (FCA) expects Firms to conduct their business within the
rules and Principles for Business they have put in place. Principles 2, 3, 5 and 6, as detailed
in the FCA Principles for Business Policy are most relevant to financial crime. In addition
TCF outcome one is also relevant.
There are also additional laws under The UK Bribery Act 2010 (the “Bribery Act”), Proceeds
of Crime Act 2002 (POCA), Terrorism Act 2000 (TACT), and Joint Money Laundering
Steering Group (JMLSG) guidance.
To ensure that these principles and the TCF outcomes are met, the FCA has set out specific
rules and guidance around financial crime within the FCA Handbook, Financial Crime parts 1
& 2.
This policy sets out procedures to allow you to adhere to the handbook and applicable laws.
Purpose
ITC Compliance will assist you in mitigating and identifying any financial crime activity.
However it is the responsibility of your Approved Person to ensure that you meet the
regulatory requirements and to evidence meeting the FCA principles and TCF customer
outcomes.
This policy sets out guidance for you as a Network Member to aid understanding and
identification of potential financial crime risk areas.
Responsibilities
ITC Compliance has documented and implemented procedures for the effective
identification, reporting and mitigation of financial crime.
As a Network Member, it is your responsibility to identify and report any occurrences of
Financial Crime (as explained later within this policy) via the “Contact Us” part of the ITC
Compliance website (www.itccompliance.co.uk). Once received, this will be allocated and
escalated accordingly.
Application
There are three specific areas of concern in relation to financial crime:
Bribery & Corruption
Money Laundering
Fraud
Below is an overview of each area:
Bribery
Bribery is the offering, promising, giving, solicitation or the receipt or agreement to receive
any financial or other advantage, or any other inducement from any person or company,
(wherever they are situated and whether they are a public official or body, or a private
person or company) by an individual employee, agent or other person or body acting on
another’s behalf.
ITC Compliance Network Member Policies & Procedures Manual v1.3
55
For example if your product provider offered you substantial payments, in return for you
selling their products, over those of another product provider’s, this would be construed as
an act of bribery and must be reported to ITC Compliance immediately.
Corruption
Corruption is the abuse of entrusted power for a private gain.
Bribery and corruption may occur internally or externally and may be perpetrated by
employees, clients, suppliers, contractors, service providers, agents or anyone else doing
business. ITC Compliance reject bribery in any form and customers and any other person
with whom ITC Compliance interact can be confident that their reputation Is valued very
highly and that they are dealing with a firm that will not risk damage to its reputation by
getting involved in illegal or unethical business practices.
ITC Compliance will actively cooperate with law enforcement authorities for the
investigation and punishment of any act of bribery.
The Bribery Act – Offences
The UK Bribery Act 2010 (the “Bribery Act”) came into force on the 1st July 2011 and
defines the following offences:
Paying bribes: offering, promising or giving a financial or other advantage to induce
someone to perform their function or activity ‘improperly’ (the ‘active’ bribe offence).
Receiving bribes: requesting, agreeing to receive or accepting a financial or other advantage
for performing your function or activity ‘improperly’ (the ‘passive’ bribery offence).
Failure by a company to prevent bribery by associated persons (the corporate offence)
Under the UK Bribery Act if a person associated with an organisation bribes a person with
the intention of gaining or retaining a business advantage for a commercial organisation,
then the organisation may be guilty of an offence under the Act.
This is particularly important, as ITC Compliance is authorised and regulated by the
Financial Conduct Authority and liable for an unlimited fine. Associated persons include
anyone who performs services for or on behalf of the company e.g. an Appointed
Representative.
The FCA does not enforce the Bribery Act 2010. Its regulatory powers apply in obtaining
evidence of corrupt conduct to take regulatory action against a firm.
In order to ensure compliance with the Bribery Act 2010 it is essential that all Network
Members comply with this financial crime policy and all staff undertake the regulatory
training provided on an annual basis.
ITC Compliance also undertake thorough due diligence on all new and existing Network
Members acting within its permissions.
Non-compliance with the Bribery Act may lead to the following actions being taken against
the firm or the individual involved:
Individuals convicted for paying or receiving bribes face up to ten years’
imprisonment.
ITC Compliance Network Member Policies & Procedures Manual v1.3
56
Companies convicted of failing to prevent bribery by associated persons face
unlimited fines.
Directors and senior officers of companies involved can face criminal and civil
liabilities.
Gifts & Hospitality
Corporate hospitality, promotions and gifts have the potential to create a perception of
bribery and it is essential to draw a distinction between what is legitimate in business
situations and what is bribery; any gift or hospitality that seeks to influence the recipient
into performing their function improperly would be considered a bribe.
To ensure this is not the case, all Gifts & Hospitality must be:
Made openly: if made secretly and undocumented then the purpose will be open to
question
In accordance with stakeholder perception: the transaction would not be viewed
unfavorably by stakeholders if it were to be made known to them
Documented: the expense is properly recorded in your books and records
For further details, please refer to the Gifts & Hospitality policy.
Money Laundering
When a criminal activity generates substantial profits, the individual or group involved must
find a way to control the funds without attracting attention to the underlying activity or the
persons involved. Criminals do this by disguising the sources, changing the form, or moving
the funds to a place where they are less likely to attract attention.
Stages
In the initial, or placement, stage of money laundering, the launderer introduces the illegal
profits into the financial system. This might be done by breaking up large amounts of cash
into less conspicuous smaller sums that are then deposited directly into a bank account, or
by purchasing a series of insurance policies that are then almost immediately cancelled.
After the funds have entered the financial system, the second – or layering – stage takes
place. In this phase, the launderer engages in a series of conversions or movements of the
funds to distance them from their source. This use of widely scattered accounts for
laundering is especially prevalent in those jurisdictions that do not co-operate in anti-money
laundering investigations. In some instances, the launderer might disguise the transfers as
payments for goods or services, thus giving them a legitimate appearance.
Having successfully processed the criminal profits through the first two phases the launderer
then moves them to the third stage – integration – in which the funds re-enter the
legitimate economy. The launderer might choose to invest the funds into real estate, luxury
assets, or business ventures.
As a Network Member, it is extremely important that all staff are aware of the need to
identify Money Laundering. As you are selling insurance products, it is possible to become a
target of Money Laundering and any suspicions should be reported to your Money
Laundering Reporting Officer (MLRO) and ITC Compliance as soon as you become aware.
ITC Compliance Network Member Policies & Procedures Manual v1.3
57
Fraud
Fraud is a type of criminal activity, defined as the abuse of position, or false representation,
or prejudicing someone's rights for personal gain'.
ITC Compliance has implemented the following procedures for all Network Members to
follow:
appropriate measures to minimise the risk of fraud; (see Risk Management and
Breaches & Incidents Policies)
formal procedures to investigate fraud when it is suspected; (see Risk Management
Policy)
appropriate mechanisms for employees to voice their genuine concerns and protect
those who do so; (see Whistleblowing Policy) Procedures When Fraud is suspected
As a Network Member, you are responsible for referring any suspected irregularities to ITC
Compliance. ITC Compliance shall then decide how to proceed and if the irregularity
warrants escalation to the appropriate law enforcement agency. The normal sequence of
events, should an irregularity be suspected, will be as follows:
If employees suspect an irregularity has occurred, or is likely to occur, they should
normally report this to the appropriate Director or person within their organisation e.g.
MLRO (unless the concerns relate to the Director, in which case employees should have
regard to the alternative mechanisms outlined below) who should advise ITC Compliance
using the “Contact Us” part of the ITC Compliance website.
Should preliminary investigations suggest the suspicion is reasonable, further
investigations will be undertaken by ITC Compliance without delay.
Where further investigations indicate an offence may have occurred, ITC Compliance
and the AR should decide how to handle the matter according to Disciplinary Procedures
and whether to involve the relevant authorities.
Where financial impropriety is suspected, the Police must be informed.
ITC Compliance has a zero tolerance to all financial crime.
Monitoring & Reporting
As previously mentioned ITC Compliance will maintain records for identifying, reporting and
mitigating the potential risk of financial crime. This includes:
keeping training records up to date to ensure that all staff understand how to identify
and report suspicions of financial crime;
recording instances of potential financial crime;
identifying trends and implementing control systems, using the gathered
information, to help mitigate future occurrences of financial crime.
reporting any instances of potential financial crime to the relevant authorities as
soon as is reasonably possible.
As a Network Member, you should keep records of the same to ensure that you are abiding
by this policy.
Management Information
As a Network Member, you are jointly responsible, with ITC Compliance, to maintain
accurate Management Information of all instances of attempted or actual financial crime.
ITC Compliance Network Member Policies & Procedures Manual v1.3
60
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principles 1, 5 and 8 are most
relevant to conflicts of interest. In addition, Treating Customers Fairly outcome one is also
relevant.
Purpose
This document outlines how, as a Network Member of ITC Compliance, you should be
identifying and managing Conflicts of Interest in order to address the regulatory obligations
and avoid any detriment to your customers, it includes some examples of particular
Conflicts of Interest and potential solutions.
This policy applies to all staff, managers and senior management.
Responsibilities
Any Conflict of Interests identified by ITC Compliance will be highlighted and documented
within the Conflict of Interest Log. ITC Compliance will maintain this record and report any
identified conflicts to you.
In addition you must disclose any identified Conflicts of Interest to ITC Compliance in order
that any mitigating controls can be agreed. Examples of potential Conflict of Interests are
given within the table on the next page.
Application
Conflict of Interest - a situation in which a member of staff’s business decisions could be
influenced by their personal interests, for example a Salesman that places the majority of a
Firm’s business with a particular Insurer due to a family member working for the Insurer.
Inducement - a benefit offered to a firm, or any person acting on its behalf, with a view to
that firm, or that person, adopting a particular course of action. This can include, but is not
limited to cash, cash equivalents, insurance premium, commission, goods, hospitality or
training programmes.
A Conflict of Interest can include Inducements as defined above. Please refer to the
separate Gifts and Hospitality Policy for specific guidance on this.
The existence of a Conflict of Interest is not necessarily evidence of wrongdoing and the FCA
recognises that it is impossible to avoid all potential Conflicts of Interest, but where such
conflicts cannot be eliminated then they must be properly managed.
Process and Responsibilities
In line with the Terms & Conditions of ITC Compliance Network Membership, as a Network
Member, you are responsible for highlighting and mitigating any potential Conflicts of
Interest. Whenever a conflict is identified it must be immediately escalated, to your
Approved Person, using a “Potential Conflict of Interest” form (Appendix 6). The Approved
Person should log this on your internal Conflict of interest Log, carry out an investigation
and where possible take steps to mitigate it.
Your internal Conflicts of Interest Log should be available upon request at audits
undertaken by ITC Compliance.
ITC Compliance Network Member Policies & Procedures Manual v1.3
61
In the event that the Approved Person requires advice or guidance, ITC Compliance are
available to provide this. If the Approved Person feels that the Conflict requires escalation
as it cannot be dealt with within your firm, the “Potential Conflict of Interest” form should be
submitted to ITC Compliance via email by sending it to [email protected].
Upon receipt of a “Potential Conflict of Interest” form, ITC Compliance will assess and
confirm the requirement to register issues in the local Conflicts of Interest log, and if action
is required allocate it to the most appropriate person within the firm for completion. Examples of Conflicts of Interest
The following examples show some specific conflicts and their solutions, however, all
Conflicts of Interest will need to be considered separately and appropriate management
action taken to avoid any customer detriment and ensure the conflict is managed and
mitigated appropriately.
Issue Potential conflict of Interest Typical procedures to manage the potential
conflict
Preferential
commission rates
from a particular
insurer
Sales staff placing
business with that insurer
without considering the
needs of the customer.
Commission across the panel arranged
so that no one insurer has appreciably
different commission deals for the same
product.
Disclosure document includes the basis
and criteria for selecting insurers for
particular products and for effective
monitoring of placements.
Only use one Insurance Provider per
product type.
Profit share
arrangements
with a particular
insurer
Sales staff placing
business with that insurer
without considering the
needs of the customer.
When operating under a
Binding Authority, claims
staff may want to limit
loss ratios – by directing
business with a bad loss
history to other markets.
Only use one Insurance Provider per
product type.
Profit share arrangements not disclosed
to sales staff.
Disclosure document includes the basis
and criteria for selecting insurers for
particular products and for effective
monitoring of placements.
Volume overrides
arrangements
with a particular
insurer
Sales staff placing
business with that insurer
without considering the
needs of the customer.
No direction/instructions from senior
management where to place business, if
this is likely to result in customer
detriment.
Volume override arrangements not
disclosed to sales staff.
Disclosure document includes the basis
and criteria for selecting insurers for
particular products and for effective
monitoring of placements.
ITC Compliance Network Member Policies & Procedures Manual v1.3
62
Sales staff
remuneration
based on sales
targets
Incentive payments or
competitions made to
sales staff to complete
insurance sales without
considering the needs of
the customer.
Robust management controls in place to
ensure that customers have been
treated fairly including;
Rewards that take into account quality
as well as quantity such as the
incidence of upheld complaints,
adherence to procedures and findings
from internal monitoring.
Appraisal and development
arrangements including TCF and quality
considerations.
Delegated claims
handling
Acting for insurer when
the customer reasonably
believes that intermediary
is acting for them.
Disclosure documents include details.
Claims handling procedures to include
“Treating Customers Fairly” principles.
Hospitality and
Gifts
(Inducements)
Significant hospitality and
gifts could influence the
fair treatment of
customers.
Policy and procedures for the
registration and approval of
hospitality and gifts.
Relationships or
financial
interests with
insurers or other
third parties with
whom ITC
Compliance deal
Business placed with a
particular insurer or other
contracts entered into
without consideration of
the customer’s best
interest.
Only use one Insurance Provider per
product type.
A register maintained of all such
arrangements.
Disclosure document includes the basis
and criteria for selecting insurers for
particular products.
Conflicts
between
customers when
acting for both
Acting for competing
customers could affect
ability to treat both fairly.
Disclose conflict and obtain agreement
to proceed for both parties.
Set up Chinese Walls – segregation of
duties information barriers so that each
customer is treated fairly and as if the
other was not present.
Staff members
or member of
their immediate
family has an
interest in an
outside entity
Where the interest is
substantial enough for it
to be perceived to affect
their judgement with
respect to transactions
between the Network
Member/ITC Compliance
and that entity i.e. a
material interest exists.
Staff members with a material interest
in any service provider, insurer or
product provider must declare this
interest to HR.
If the Network Member cannot manage
a conflict adequately, it will disclose this
to the client, before undertaking any
business for that client.
Undertaking a
tender exercise
to select supplier
or product
provider
Appointment of supplier or
product provider without
considering the impact on
customers.
Before undertaking any tender exercise
the proposed tender process needs to
be signed off by a Project
Sponsor/appropriate Senior
Management in advance of issuing to
the invited tender participants.
Proposals/recommendations resulting
from any tender process are signed off
in advance of any final ratification and
communication to tender participants.
Close personal
relationships
Where the relationship
potentially results in some
form of influence, either
Staff members should disclose any
personal relationships that may result in
any form of influence on another staff
ITC Compliance Network Member Policies & Procedures Manual v1.3
63
positive or negative, on
another employee or
business process.
member.
Line management to ensure that roles,
responsibilities and team structures are
reviewed to minimise or avoid any
potential conflicts arising from staff
relationships.
If you are at all unsure as to whether a situation is a potential conflict of interest you should
complete the Conflict of Interest Self Assessment form (Appendix 7)
Monitoring & Reporting
As a Network Member, you and all your staff are responsible for identifying possible
Conflicts of Interest,recording these on the “Potential Conflict of Interest” form and
escalating these to your Approved Person.
Where the Approved Person feels that the conflict cannot be mitigated by your firm, it
should be escalated to ITC Compliance who will record this on the Conflicts of Interest Log.
Any failure to treat customers fairly as a result of a Conflict of Interest should be recorded
as an Incident, as required in the Regulatory Breaches & Incidents Policy.
Management Information
Where Conflicts are escalated to ITC Compliance, this information will be reviewed to
identify and monitor any relevant trends or insufficient controls. If anything is highlighted
appropriate action will be taken.
ITC Compliance Network Member Policies & Procedures Manual v1.3
65
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principles 1, 5 and 8 are most
relevant to gifts and hospitality. In addition, Treating Customers Fairly outcomes one is also
relevant.
Purpose
Inappropriate gifts, hospitality and entertainment can be used to generate a position of
obligation and prepare the way for a dishonest act, which compromises integrity and your
ability to treat customers fairly.
This policy sets specific rules that define what Gifts and Hospitality are considered
appropriate and acceptable to both offer and receive and defines how the behaviour of staff
should be monitored.
It also sets out procedures to ensure that Gifts and Hospitality are managed to avoid the
risk of conflict with your duties towards your customers and provides advice on how to
ensure compliance with regulatory and legislative requirements.
This policy applies to your staff, Management and Directors.
Responsibilities
As a Network Member, you must document and implement robust procedures for the
effective management of giving and receiving gifts, inducements and hospitality.
Application Definitions
Inducement – an inducement is a benefit offered to a firm, or any person acting on its
behalf, with a view to that firm, or that person, adopting a particular course of action. This
can include, but is not limited to, cash, cash equivalents, goods, hospitality or training
programmes.
Gift – Gifts can be money, goods, services or loans given, without the expectation of
consideration or value in return. Gifts therefore should have no role in the business
process. Commission or fees would not be regarded as gifts.
Hospitality - Social events hosted by the company for clients or suppliers in order to obtain
or maintain their patronage or goodwill and build relationships. Hospitality includes
entertaining, meals, receptions and attendance at sporting events.
Tickets for events where no host is present are classified as a cash equivalent gift.
Bribery – The giving and receiving of money, a gift or other advantage as an inducement to
do something that is dishonest, illegal or a breach of trust in the course of business.
ITC Compliance Network Member Policies & Procedures Manual v1.3
66
Gifts and Hospitality offered and received
In order for gifts or hospitality to be acceptable they must be made:
openly
without placing the recipient under any obligation – for example a clear act of
appreciation for good service
without any expectations
appropriate to the relationship and local business practice
not of a frequency which could be interpreted as excessive or inappropriate
legal and appropriate in accordance with the laws and cultures of the relevant country
Gifts and hospitality must be:
of an appropriate value, whether individually or in the aggregate over a period of 12
months
recorded and reported to management
Gifts and Hospitality must NOT be given or received when nearing the completion of
material contract negotiations – i.e. where the gift or event could influence the end result of
negotiations.
Individuals are strictly forbidden to offer or accept a gift of cash (or a cash equivalent
such as un-hosted concert or sports tickets) under any circumstances as this could be
construed as an act of bribery. This includes the payment of credit card charges, fees, soft
loans (i.e. loans with below market or no interest payments) or shares.
Hospitality and Entertainment
All events must be hosted in the company’s name and be justifiable for the business in the
legitimate interest. All Hospitality must be authorised in advance using the Gifts &
Hospitality Approval Form (Appendix 8) and recorded on the Gifts and Hospitality
Received.
Hospitality offered to spouses, partners and immediate relatives accompanying third parties
to events is appropriate only in exceptional circumstance and in each case, approval must
be sought from appropriate line management.
Gifts and Hospitality registers
Gifts and Hospitality must be logged on the Gifts and Hospitality Register (Appendix 9).
This log must be available for review both on request and at any audit conducted on you by
ITC Compliance.
Gifts and Hospitality received
When a gift or hospitality event is offered to employees (other than low value branded
items) it must be authorised by management and recorded in the Gifts and Hospitality
Register (Appendix 9) with the appropriate authorisation.
Managers are required to show reasonable validation of the values they place against items
(for example a link to a relevant theatre website). It is not permitted for any member of
staff to sign off an item for their own benefit.
ITC Compliance Network Member Policies & Procedures Manual v1.3
67
Gifts and Hospitality made to Third Parties
Prior to making an offer of hospitality or presentation of a gift externally, authorisation must
be obtained. The relevant manager must then record the item on the Gifts and Hospitality
Register (Appendix 9).
Monitoring & Reporting
The Gifts and Hospitality registers are owned by and the responsibility of you as a Network
Member. The Approved Person is also responsible for monitoring the Gifts and Hospitality
registers, conducting spot validations and auditing the registers.
Management Information
Management Information should be compiled at least annually to assess the information
contained on the registers and identify any conflicts or potential conflicts that arise. This is
the responsibility of the Approved Person.
ITC Compliance Network Member Policies & Procedures Manual v1.3
69
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principle 3 is most relevant to
Risk Management.
Purpose
ITC Compliance have internal procedures for the mitigation of risk. These risks are not
constrained to regulatory aspects only and will include other internal or external factors.
E.g. a new computer system may be a risk to business continuity.
This policy sets out guidance for Network Members to aid understanding of the
requirements to comply with the risk mitigation rules and policy.
Responsibilities
Senior Management are responsible for defining your risk appetite and ensuring that your
Risk Register is completed and reviewed periodically.
Your Risk Register must be available on request for review during audits undertaken by ITC
Compliance.
Application
Regardless of whether risk is a defined function the principles of managing the inherent and
residual risk will apply to you and your risk appetite should be reviewed regularly at
minuted meetings.
Your risk appetite will be defined as one of the following:
Averse Avoidance of risk and uncertainty is a key organisation objective.
Cautious; Preference for safe options that have a low degree of risk and may only have
limited potential for reward.
Balanced; Consideration of all options resulting in a ‘mid-line’ approach and a mediocre
potential for reward
Open; Willing to consider all potential options and choose the one most likely to result in
successful delivery, while also providing an acceptable level of reward and value for money.
Hungry; Eager to be innovative and to choose options offering potentially higher business
rewards, despite greater inherent risk.
However, importantly this does not mean that where the appetite is hungry or open that
any regulatory rules can be breached.
Any additional product requests and new applications should be reviewed in line with your
risk appetite.
ITC Compliance Network Member Policies & Procedures Manual v1.3
70
The appropriate level will depend on the nature of the work undertaken and the objectives
pursued. For example, where public safety is critical (e.g. operating a coach tour) appetite
will tend to be low, while for an innovative project (e.g. early development on an innovative
car) it may be very high, with the acceptance of short term failure that could pave the way
to longer term success.
As a Network Member, your senior management are responsible for compliance with your
risk strategy. This includes oversight of:
a) Risk register
b) Business Continuity Plan (BCP)
Risk Register
As a Network Member it is your responsibility to keep a risk register specific to your
business, following the guidelines set out in Appendices 10, 11 and 12. An example of a Risk
Register can be found in Appendix 13.
ITC Compliance Network Member Policies & Procedures Manual v1.3
71
Business Continuity Plan Policy (BCP)
ITC Compliance Network Member Policies & Procedures Manual v1.3
72
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principle 3 is most relevant to
risk and business continuity.
Purpose
You should implement internal procedures for the mitigation of risk. These risks are not
constrained to regulatory aspects only and will include other internal or external factors.
E.g. a new computer system may be a risk to business continuity.
This policy sets out guidance to aid your understanding in compiling a Business Continuity
Plan, including Call Cascade List (Appendix 15). An example Business Continuity Plan can be
found in Appendix 14.
Responsibilities You should have a Business Continuity Plan for managing business interuption risk.
It is the responsibility of Senior Management to ensure that this is kept up to date and
Application
The Approved Person within your firm should have oversight of the Business Continuity Plan
(BCP).
Business Continuity Plan
A major risk to you is business interruption or disaster recovery. Therefore you should have
a Business Continuity (recovery) Plan. This plan should give consideration to the regulatory
aspects of your business.
ITC Compliance has compiled a couple of scenarios in order to test your Business Continuity
Plan (Appendix 16). These test scenarios will help you understand how your business will
cope with the impact of each situation as the events unfold and where weaknesses appear
steps should be taken to mitigate these weaknesses. The Business Continuity Plan should be
available, upon request, during audits undertaken by ITC Compliance.
ITC Compliance Network Member Policies & Procedures Manual v1.3
74
Introduction
An Approved Person is an individual who has been approved by the FCA to perform one or
more controlled functions..
A controlled function is a role or responsibility that has particular regulatory significance. For
the purpose of the Network, this means being responsible for implementing the rules and
processess outlined in this manual and the FCA principles.
Under the Financial Services and Markets Act 2000, the FCA may approve an individual only
where it is satisfied that a candidate is fit and proper to perform the controlled function(s)
applied for. When considering a candidate’s fitness and propriety, the FCA considers:
i. honesty, integrity and reputation;
ii. competence and capability;
iii. financial soundness.
Approval must be obtained before a person can perform a controlled function.
ITC Compliance must satisfy the FCA that a candidate is fit and proper to perform the
controlled function applied for.
If your business is a Primary Intermediary (insurance is your main business), then all
Directors and/or individuals undertaking a controlled function must be an Approved Persons,
however if you act as a Secondary Intermediary (insurance being a secondary business
activity) you will only require one Approved Person. All Appointed Representative Network
Members will need at least one Approved Person.
Purpose
This policy sets out the requirements for any Approved Person working within an FCA
regulated environment.
Responsibilities
ITC Compliance will perform adequate due diligence when presenting any Approved Person
to the FCA for approval, paying particular regard to the points above.
This will include;
asking for proof of the applicant’s identification
asking for proof of the applicant’s address
obtaining a director’s report from a credit referencing agency
obtaining a consumer report from a credit referencing agency
reviewing the answers given on section 5 of the Form A
reviewing the employment history provided on the Form A
ITC Compliance have documented and implemented robust procedures for the appointing of
any Approved Person.
Application
An Approved Person is someone who carries out one, or more, of the below defined FCA
controlled functions and must therefore satisfy the FCA fitness and proprietary
requirements.
ITC Compliance Network Member Policies & Procedures Manual v1.3
75
Significant influence
functions (SIF)
CF 1 Director function
CF 2 Non-executive director function
CF 3 Chief executive function
CF 4 Partner function
CF 5 Directors of an unincorporated association
CF 6 Small friendly society function
CF 8 Apportionment and oversight function (Non-MiFID business
only)
CF10 Compliance oversight function CF 10A CASS Oversight
Operation Function
CF 11 Money laundering reporting function
CF 12 Actuarial function
CF 12A With-profits actuary function
CF 12B Lloyd's Actuary function
CF 28 System and controls function
CF 29 Significant management function
Customer functions
CF 30 Customer function
Within a Limited Company, the Approved Person should be a Director and they would carry
out the CF 1 function. Within a Limited Liability Partnership (LLP), the Approved Person
should be a Partner and they would carry out the CF 4 function. However within a Sole
Trader, there is no requirement to appoint an Approved Person.
Being an Approved Person brings with it a number of important responsibilities, including a
duty to be aware of and comply with FCA regulatory requirements and expectations and,
understand how they apply to the day to day exercise of controlled functions.
Specifically, Approved Persons must:
meet and comply, on an ongoing basis, with the FCA’s Fit and Proper (FIT) test for
Approved Persons;
comply with the Statements of Principle and the Code of Practice for Approved Persons
set out in the FCA’s Statements of Principle and Code of Practice for Approved Persons
handbook (APER). The Statements of Principle describe the conduct that the FCA
requires and expects of the individuals it approves;
report to ITC Compliance and to the FCA any matter that may impact on their ongoing
fitness and propriety via Form D (Appendix 17) - Notification of changes in Personal
Details or Application Information.
This is also a requirement within section 6 of the Terms and Conditions of ITC Compliance
Network Membership as non compliance with these regulatory requirements may result in
the FCA taking enforcement action against ITC Compliance and any Approved Persons.
Fit and Proper Test
The Fit and Proper test is not an exam; merely a benchmark of an individual’s standing. It is
broken down into:
Honesty, Integrity and Reputation
Competence and Capability
Financial Soundness
ITC Compliance Network Member Policies & Procedures Manual v1.3
76
Honesty, Integrity and Reputation
The considerations ITC Compliance will make prior to submission to the FCA for their
scrutiny will include:
whether the person has been convicted of any criminal offence, any spent convictions;
particular consideration will be given to offences of dishonesty, fraud, financial crime or
an offence under legislation relating to financial services, whether or not in the United
Kingdom
whether the person has been the subject of any adverse finding or any settlement in
civil proceedings, particularly in connection with financial business, misconduct or fraud
whether the person has been the subject of, or interviewed in the course of, any
existing or previous investigation or disciplinary proceedings, by the appropriate
regulator
whether the person is or has been the subject of any proceedings of a disciplinary or
criminal nature, or has been notified of any potential proceedings
whether the person has contravened any of the requirements and standards of the
regulatory system
whether the person has been the subject of any justified complaint relating to regulated
activities
whether the person has been involved with a company, partnership or other
organisation that has been refused registration, authorisation, membership or a licence
to carry out a trade, business or profession, or has had that registration revoked
whether, as a result of the removal of the relevant licence, registration or other
authority, the person has been refused the right to carry on a trade, business or
profession requiring a licence or registration
whether the person has been a director, partner, or concerned in the management, of a
business that has gone into insolvency, liquidation or administration while the person
has been connected with that organisation or within one year of that connection
whether the person, or any business with which the person has been involved, has been
investigated, disciplined, censured or suspended or criticised by a regulatory or
professional body, a court or Tribunal, whether publicly or privately
whether the person has been dismissed, or asked to resign and resigned, from
employment or from a position of trust, fiduciary appointment or similar;
whether the person has ever been disqualified from acting as a director or disqualified
from acting in any managerial capacity
whether, the person has been candid and truthful in all his dealings with any regulatory
body and whether the person demonstrates a readiness and willingness to comply with
the requirements and standards
ITC Compliance Network Member Policies & Procedures Manual v1.3
77
Competence and Capability
In determining a person's competence and capability, the FCA and ITC Compliance will
consider the following:
whether the person satisfies the relevant FCA training and competence requirements in
relation to the controlled function the person performs or is intended to perform;
whether the person has demonstrated by experience and training that the person is
suitable if approved,
whether the person has adequate time to perform the controlled function and meet the
responsibilities associated with that function.
Financial Soundness
In determining a person's financial soundness, the FCA and ITC Compliance will consider:
whether the person has been the subject of any judgment debt or award, in the United
Kingdom or elsewhere, that remains outstanding or was not satisfied within a reasonable
period;
whether, in the United Kingdom or elsewhere, the person has made any arrangements
with their creditors, filed for bankruptcy or been adjudged bankrupt, had assets
sequestrated, or been involved in proceedings relating to any of these.
ITC Compliance will not normally require the candidate to supply a statement of assets or
liabilities. The fact that a person may be of limited financial means will not, in itself, affect
their suitability to perform a controlled function.
FCA Application
All Approved Persons applications are submitted on the FCA’s Online Notifications and
Applications system
The onus is on ITC Compliance to provide sufficient information on the Application Form
(Form A) to satisfy the FCA that the candidate is fit and proper.
ITC Compliance may therefore need to provide to the FCA details of:
the due diligence undertaken;
references obtained, including regulatory references, and
details of the rationale the firm has used to conclude that the candidate is fit and
proper to perform the role for which approval is sought.
Monitoring & Reporting
Once the Approved Person has submitted the requested information, ITC Compliance shall
keep records, which will include:
ITC Compliance Network Member Policies & Procedures Manual v1.3
78
References obtained on individuals
Work history
Form A and FCA correspondence
Any Approved Person Declaration(s)
Copy CV’s
Any correspondence pertaining to any clarification of further detail required
Proof of residency
Proof of identification
Management Information
ITC Compliance verifies Approved Person’s employment and personal history appropriately
in relation to the FCA’s fit and proper requirements.
ITC Compliance also verifies this information through the collection of regular information
from you.
It is your responsibility to ensure that the details of your Approved Person(s) are accurate
and any changes are reported to ITC Compliance as soon as is reasonably possible.
ITC Compliance Network Member Policies & Procedures Manual v1.3
79
Regulatory Breaches & Incidents Policy
ITC Compliance Network Member Policies & Procedures Manual v1.3
80
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principle 11 is the most relevant
in relation to regulatory breaches.
Purpose
ITC Compliance are required to disclose to the FCA appropriately anything relating to the
firm (and its Network Members) of which the FCA would reasonably expect notice as defined
in the Financial Services and Markets Act 2000.
Failure to comply with this rule could mean negative action against ITC Compliance, which
could lead to regulatory fines or penalties. It could also result in negative publicity about
ITC Compliance and its Network Members.
This policy sets out guidance to aid understanding of the requirements when a regulatory
breach has occurred.
Responsibilities
As a Network Member, you are responsible for reporting any identified breaches immediately to ITC Compliance.
Application
Whilst ITC Compliance has implemented robust procedures to help mitigate the risk of a
regulatory breach, the risk can never be completely eliminated.
The FCA expect to be informed about any regulatory breach, usually as soon as possible, if
it is to be able to carry out its supervision function effectively and react in good time to
developments that may require a regulatory response.
This policy applies to your staff, managers and senior management.
Definitions
The Act – Financial Services and Markets Act 2000.
Notifiable Event – A serious incident (detailed below) that contravenes the Regulator’s
Statements of Principles and/or the Handbook of rules and potentially brings a financial or
reputational risk to ITC Compliance and/or the individual concerned.
Notifiable Events are;
Matters having a serious regulatory impact
ITC Compliance Network Member Policies & Procedures Manual v1.3
81
failing to satisfy one or more of the threshold conditions, such as appropriate
resource to carry out the regulated activity undertaken and the suitability of the
Approved Person;
any matter which has a significant impact on ITC Compliance or Network Member’s
reputation. For example widespread mis-selling of Insurance Policies that leads to
unwanted media coverage and publication on the FCA’s website;
any matter which could affect the ability to continue to provide adequate services to
your customers and/or result in serious customer detriment. For example a gap in
Professional Indemnity Insurance cover, during which a significant claim is made
against ITC Compliance, leading to the winding up of the business;
Breaches of rules and other requirements in or under the Act
In assessing if a breach is significant ITC Compliance will consider potential financial losses
to customers, frequency of the breach, systems and controls implications and if there are
any delays in identifying or rectifying the breach.
Civil, criminal or disciplinary proceedings against ITC Compliance or Network Members
civil proceeding are brought against ITC Compliance and the amount of any claim is
significant in relation to financial resources or reputation;
disciplinary measures or sanctions are imposed by any statutory or regulatory
authority, subject to an investigation into ITC Compliance’s affairs;
You are prosecuted for or convicted of any offence involving fraud, dishonesty, or
any penalties are imposed on you for tax evasion.
Fraud, errors and other irregularities (considered significant by senior management)
an employee may have committed fraud against a customer;
a person (whether employed or not) is acting with intent to or has committed
fraud against ITC Compliance or a Network Member;
ITC Compliance or a Network Member identifies accounting irregularities;
ITC Compliance or a Network Member suspects that an employee involved in
regulated activities may be guilty of serious misconduct concerning their
honesty or integrity.
In assessing if an incident is significant ITC Compliance will consider the size, or potential
size, of any monetary loss, reputational risk and whether the incident(s) reflect a weakness
in its controls.
Insolvency, bankruptcy and winding up
calling of a meeting to consider the winding up;
an application to dissolve or strike ITC Compliance off the Companies Register;
presentation of a winding up order;
entering into any arrangement with one or more creditors;
appointment of a bankruptcy administrator or receiver;
application, under section 252 of the Insolvency Act 1986, for an interim order
against.
ITC Compliance Network Member Policies & Procedures Manual v1.3
82
Other; Communication with the Regulator in accordance with Principle 11
This includes;
any significant systems and control failure; and
actions taken which result in a material change in ITC Compliance’s capital
adequacy or solvency.
Process
If a breach or incident is identified it must be immediately escalated to ITC Compliance and
an Incident Report form (Appendix 18) must be completed. This can be submitted to ITC
Compliance either by email, to [email protected], or via the “Contact Us” part of
ITC Compliance’s website.
Once received, ITC Compliance shall assess the notification and make a decision as to
whether it should be escalated to the FCA as a reportable event.
Following agreement and content approval of the notification, ITC Compliance is responsible
for making the necessary communication with the FCA.
Further details of what constitutes a regulatory breach and the type of breach are detailed
in Appendix 19.
Inaccurate, false or misleading information
ITC Compliance shall take all reasonable steps to ensure the information on any Notifiable
Event provided to the Regulator is factually accurate, or in the case of estimates and/or
judgements, fairly and properly based on information obtained after appropriate enquiries
have been made and includes anything the Regulator would reasonably be expected to be
told about.
Monitoring & Reporting
You should initially advise ITC Compliance and, PI Insurers (if applicable) of all incidents
and breaches by submitting a fully completed incident form with investigation as soon as
practical after the breach has been identified.
ITC Compliance will provide a copy of the Notifiable Event communication sent to the
Regulator and keep them informed of all subsequent developments, until such time as the
situation is concluded.
Management Information
ITC Compliance will retain records of all incidents and breaches in a register or log. Senior
Management will review all open incidents on a periodic basis to ensure correct
management and timely closure.
ITC Compliance Network Member Policies & Procedures Manual v1.3
84
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principle 11 is most relevant to
Whistleblowing:
In addition The Public Interest Disclosure Act 1998 (hereinafter referred to as 'the
Whistleblowers Act') protects employees against detrimental treatment or dismissal as a
result of any disclosure of normally confidential information in the interests of the public.
This document refers to the FCA regulatory obligations only under SYSC 18.
Purpose
ITC Compliance have appropriate internal procedures which will encourage workers with
concerns to blow the whistle about matters which are relevant to the functions of the FCA.
This policy sets out guidance for Network Members to aid understanding of the
requirements to comply with the Whistleblowing rules and policy.
Responsibilities
ITC Compliance, as your Principal, will ensure there is a Whistleblowing procedure to comply
with The Whistleblowers Act' and in particular the FCA requirements.
Application
It is the FCA’s policy to encourage whistleblowers to use the whistleblowing procedures in
their own workplace, but they may contact the FCA's Whistleblowing Desk in the following
circumstances:
if there aren’t any procedures in their own workplace;
if a whistleblower is uncomfortable or not confident about using the procedures; or
the procedures have been followed but the whistleblower is concerned by the nature
of the response, or lack of response, by their firm.
Under The Whistleblowers Act, any clause or term in an agreement between an Employee
and a Network Member is void if it precludes the worker from making a protected disclosure
(that is, "blow the whistle").
In accordance with section 1 of The Whistleblowers Act:
A qualifying disclosure is a disclosure, made in good faith, of information which, in the
reasonable belief of the worker tends to show that one or more of the following has been, is
being, or is likely to be, committed:
a) a criminal offence
b) a failure to comply with any legal obligation
c) a miscarriage of justice
d) the putting of the health and safety of an individual in danger
e) damage to the environment
f) deliberate concealment relating to any of the above
ITC Compliance Network Member Policies & Procedures Manual v1.3
85
It is immaterial whether the relevant failure occurred, occurs or would occur in the United
Kingdom or elsewhere, and whether the law applying to it is that of the United Kingdom or
of any other country or territory.
Internal procedures
You should adopt appropriate internal procedures, which will encourage workers with
concerns to blow the whistle internally about matters, which are relevant to the functions of
the FCA.
Appropriate internal procedures will include:
telling workers that the firm takes failures seriously and explaining how wrongdoing
affects the organisation;
telling workers what conduct is regarded as failure;
telling workers who raise concerns that their confidentiality will be respected, if they
wish this;
making it clear that concerned workers will be supported and protected from reprisals;
nominating a senior officer as an alternative route to line management and telling
workers how they can contact that individual in confidence;
making it clear that false and malicious allegations will be penalised by the firm;
telling workers how they can properly blow the whistle outside the firm if necessary;
providing access to an external body such as an independent charity for advice; and
encouraging managers to be open to concerns.
You should advise your employees (through the firm's internal procedures) that they can
blow the whistle to ITC Compliance, as the principal prescribed in respect of financial
services and market matters under The Whistleblowers Act.
ITC Compliance will give priority to live concerns or matters of recent history.
Should an individual have concern about ITC Compliance they may approach the FCA
directly on 020 7066 9200 during office hours or leave a message on voicemail.
Or you can write to the FCA at:
Intelligence Department (Ref PIDA)
The Financial Conduct Authority
25 The North Colonnade
Canary Wharf
London E14 5HS
Monitoring & Reporting
ITC Compliance will maintain records of compliance with the FCA and The Whistleblowers
Act’s Whistleblowing rules.
The internal procedure will include records on Whistleblowing reports and the relevant
actions taken in order to evidence fitness and propriety to the FCA.
Management Information
The Directors of ITC Compliance will review any whistleblowing reports in order to identify
any trends and any remedial required action. The content of a whistleblowing report may
trigger the requirement to report an event to the FCA.
ITC Compliance Network Member Policies & Procedures Manual v1.3
87
Introduction
The Financial Conduct Authority (FCA) expects firms to conduct their business within the
rules and Principles for Business they have put in place and Principles 1, 2 and 11 are most
relevant to record keeping. In additions Treating Customers Fairly outcomes 1 and 6 also
apply.
To ensure that these principles and TCF outcomes are met, the FCA has set out specific
rules and guidance around record keeping, these can be found in the FCA Handbook, Senior
Management Arrangements, Systems and Controls 9.1 and Conduct Of Business Sourcebook
9.5. The Data Protection Act 1998 as amended also sets out rules in relation to how a
business can keep records.
Purpose
As a Network Member of ITC Compliance, you should ensure that records are kept in line
with the Data Protection Act and FCA rules and any records disposed of are done so
securely.
The purpose of this policy is to provide guidelines for you, as a Network Member, regarding
your responsibilities for record keeping indicate appropriate retention periods under broad
categories and emphasise the importance of disposing of records in a secure manner.
Responsibilities
You are required by law and the FCA to adhere to the rules set out in the Data Protection
Act and the FCA Handbook and to have stringent process’ in place to ensure this.
Application Definitions
Record The International Organisation for Standardisation (ISO) defines a
record as information that has been created, received and maintained
as evidence and information by an organisation or person in the
pursuance of legal obligations or in the transaction of business.
Essential
Records
Essential records contain information that the business cannot operate
without; the information is either irreplaceable or difficult to replace
and will typically contain some confidential information.
Confidential
Records
Confidential records contain privileged or non-public information
pertaining to the company’s business, which may relate to internal
matters e.g. strategic and operational plans, staff remuneration, etc. as
well as dealings with customers and third parties, such as insurers,
agents, regulators, etc.
Examples of items that are deemed to be records include;
• documents (including written and typed documents and annotated copies);
• paper based files (i.e. sales/client and non insurance transaction files);
• computer files (including word processed documents, databases and presentations);
• emails;
• diaries;
• faxes;
• brochures and reports;
• intranet and internet web pages;
ITC Compliance Network Member Policies & Procedures Manual v1.3
88
• forms and applications;
• audio and video tapes, including CCTV;
• photographs.
Your management team is responsible for ensuring records are properly retained and
disposed of in accordance with your legal obligations. If paper and computer based records
are used, care is taken in the design of record keeping arrangements and the protection of
records.
Retention of records
Information should be retained within structured record keeping systems, which may
include documents as well as information in electronic format.
Records must be retained in an appropriate manner and should be easily retrievable,
therefore;
documents contained in both paper and electronic files are stored in a logical manner
that allows ease of access and retrieval of records. Sales/client, agency and non
insurance transaction files are segregated by transaction stages or events; e.g.
quotations, responses to queries, application form, etc;
call recordings are clear and capable of being transcribed;
amendments or corrections following a transaction or event are clearly shown as such
and the original information remains visible;
it is not be possible for details of transactions or events in paper files i.e. sales/client,
agency and non insurance transaction files (including referencing records) to be
manipulated or altered without a record of the change being captured so as to avoid the
potential for fraud;
it is possible for records in other languages to be reproduced in English;
any records of consent obtained from or instructions given by employees, customers,
suppliers or any other third parties regarding the use of personal, sensitive or
confidential data are retained securely.
The degree of security required around accessibility and storage should reflect the
sensitivity and confidential nature of any information recorded.
Retention Periods
The schedule below details minimum retention periods for a range of categories, which have
statutory requirements for record keeping/retention periods.
Some records will be retained by ITC Compliance and some by you.
Record category Retention period
Company information Incorporation documents – Permanently
Statutory returns – Permanently
Register of Member – Permanently
Pension schemes records - Permanently
Banking records – 6 years
Charities and Political Donations -12 years
Corporate Governance Permanently
Property documents Deeds of Title – until sold or transferred
Leases – 12 years from termination
Agreements with architects and builders -
6 years after completion
ITC Compliance Network Member Policies & Procedures Manual v1.3
89
Human Resources Job application and interview records – 6
months after notifying unsuccessful
candidate
Personnel and training records – 6 years
after employment ceases
Payroll records (including maternity, sick
pay) 6 years
Health and Safety records – all notifiable
accidents, dangerous occurrences,
reportable diseases – 6 years after
employment ceases.
Tax documents 6 years
Contracts Contracts under seal - 12 years after expiry
of contractual obligations
Other contracts (i.e. insurer contracts,
delegated authority agreements) - 6 years
after expiry of contractual obligations
Trust deeds - Permanently
Insurance business Public liability, Product liability and
Employer’s liability policies - Permanently
Other policies – 2 years following policy
lapse or until claims under the policy are
barred (whichever is the longer).
Cancelled or lapsed policies – 2 years from
cancellation or policy lapse date
Complaints – 3 years from the date the
complaint was received (DISP 1.9.1)
Intellectual Property Records Certificates of Registration of trade/service
marks – 6 years after cessation of
registration
Intellectual property agreements and
licenses – 12 years after expiring
Property Documents under seal – 12 years after
expiring
Other contract - Current year plus 6 years
Trust Deeds - Permanently
Supplier agreements Contracts for products with suppliers – 10
years after the contract was terminated or
product no longer used, whichever is the
latter
Paper & Electronic Records
ITC Compliance, Network Members and the respective management teams should ensure
paper and electronic records (especially those that contain confidential information; e.g.
personal details of customers or the company’s business plans etc.) held on office premises
are kept secure and;
ITC Compliance Network Member Policies & Procedures Manual v1.3
90
access is restricted to staff members authorised to use such information;
paper records are placed in lockable cupboards or if necessary, in fire resistant cabinets;
and
if essential for the running of the business, such records are retrievable in a reasonable
timeframe in accordance with the Business Continuity Plan.
Disposal of Records
All information of a confidential or sensitive nature held on paper or in electronic format
should be securely destroyed when no longer required.
This is a requirement under the Data Protection Act and an expectation of the FCA. The
disposal of records, in any format, should be conducted with utmost care and diligence and
the confidentiality rights of employees, clients or customers and third parties should be
considered.
Safe and Secure Disposal of Records
When disposing of records (in whatever media – paper or electronic) either on or off-site,
after the expiry of the retention period, it is important to use a secure method which does
not allow future use or reconstruction of information by unauthorised individuals.
When outsourcing destruction to a third party a destruction certificate should be obtained
and subsequently retained in a secure place to evidence that you followed a proper process
to carry out the destruction.
Disposal of Paper Records
Paper records containing confidential and/or personal information should be cross-cut
shredded and disposed of through reputable waste collection companies. Under no
circumstances is confidential and/or personal information disposed of with other rubbish or
general papers.
Electronic Records
Special care should be taken with electronic records, which can be reconstructed from
deleted information if the data has not been erased thoroughly. The deletion of electronic
records ultimately means the complete destruction of the electronic record and should be
organised in conjunction with your IT Department.
Simply erasing or reformatting computer disks or personal computers with hard drives,
which once contained personal information, is not enough.
Monitoring & Reporting
You are responsible for ensuring adequate processes are in place for checking that records
are maintained adequately, are accurate, not excessive, archived when appropriate and not
held for longer than is necessary.
Management Information
ITC Compliance and Network Members should maintain robust processes on record keeping,
reviewing them periodically to ensure that compliance is maintained.
ITC Compliance Network Member Policies & Procedures Manual v1.3
91
Appendix 1: Financial Promotions Checklist
This document is available on the ITC Compliance Website, within the Documents Section
Sent By:
Email Address:
Area Rule Detail Guidance Tick Box Comments:
Does the document make reference to the company
name, an address or email address and a telephone
number?
ICOBS
4.1.2
Is it clear who the customer will be dealing with if
they act upon the promotion?
Is your Regulatory Status clearly stated on the
document?
ICOBS
GEN 4
Example: [Enter firm name] is an appointed
representative of ITC Compliance Limited which is
authorised and regulated by the FCA (their
registration number is 313486) and which is
permitted to advise on and arrange general
insurance contracts
If the promotion features exclusions, have these been
referred to in equal prominence to the benefits?TCF 5
Are there any applicable limits or restrictions. These
should be referred to in plain English.
Are all statements and comparisons factual and
correct?
TCF 2
ICOBS
6.2
Would you be able to provide evidence of the facts
behind the statements within the promotion?
Is the promotion suitable for the target audience? TCF 2
Is the language used, product advertised etc
suitable for the people being targetted by the
promotion. E.g. Travel Insurance being advertised
within a Travel Agent.
Who is the target audience?:
Where will the Document be used? TCF 2Will it be published in a magazine, online, on a flyer,
used internally etc
Is the language used clear, fair and not misleading?
TCF 3
TCF 5
ICOBS
2.2.3
Is the content jargon free, or have any jargon
phrases been explained and cross referenced?
If the premium is shown does is it clear that it includes
Insurance Premium Tax?TCF 3 This can be an asterisk that states including IPT
Where applicable is it clear that prices are inclusive of
VAT and is your VAT number clearly shown?TCF 3 This can be placed in the footed of the document
Where applicable is it clear that statements are
subject to Terms and Conditions?TCF 5
For example within a SMART insurance product
dents and chips will be covered up to a certain size.
Therefore the promotion would state; "Repairs to
Dents and Chips covered (subject to Terms and
Conditions)
Signed: Date:
FP Submission Checklist V0.1
Promotion Description:
By completing the below, I confirm that all required elements have been completed.
I understand that ITC Compliance have a 5 day SLA, from the date of submission, to review this document and return with any amendments that may be required.
Please send this form, along with the document to be authorised to [email protected]
ITC Compliance Network Member Policies & Procedures Manual v1.3
92
Appendix 2:
Example Balanced
Scorecard
Innovation &
Learning Perspective
Goals & Measures *
Financial
Perspective Goals & Measures*
Internal Business
Perspective
Goals & Measures *
Customer Perspective (TCF)
Goals & Measures*
ITC Compliance Network Member Policies & Procedures Manual v1.3
93
Appendix 3: Complaint Reporting Form
ITC Compliance Network Member Policies & Procedures Manual v1.3
94
Appendix 4: Example Financial Promotions Register
This document is available on the ITC Compliance Website, within the Documents Section
ITC Compliance Network Member Policies & Procedures Manual v0.9
95
Appendix 5: Example Call Monitoring Check-Sheet
Last Spreadsheet Update: 28/05/2014
Call Monitor Name
Monitored Date
File Name
Date of Sale
Call Upload Date
Call Duration
Customer Title
Customer Forename
Customer Surname
Company ID
Company Name
Sales Agent Name
Sales Agent User ID
Was the sales agent trained at the point of sale?
Type of Sale Advised
General Requirements / Abbreviated Distance Marketing Information Additional Notes Received Maximum Penalties Failure Rules
Did the sales agent provide their name and details of their link with the firm? No
The sales agent failed to provide the customer with adequate information
about themselves and their link with the firm, please ensure the customer is
given the sales agent's name and link with the firm in all future calls. 0 / 2 ICOBS 3.1.6
Did the sales agent inform the customer that calls are monitored for training
and monitoring purposes? No
The sales agent failed to let the customer know that calls are recorded, it is
important for the customer to know this as they are allowed to terminate the
call if they do not want to be recorded. 0 / 2 TCF Outcome 3
Was the customer informed that Travel Insurance is regulated by the
Financial Conduct Authority? No
The sales agent failed to inform the customer that General Insurance is
regulated by the FCA, please ensure this is done in all future calls. 0 / 2 ICOBS 4.1.2 (2)
Did the customer consent to the abbreviated script being read?
(If no, was the full disclosure read?) No
Please refer to the notes section at the bottom of the page for details of why
this question was answered 'No'. 0 / 2 ICOBS 3.1.14
Was the customer informed of the firm's regulatory status? No
The sales agent failed to tell the customer about the firm's regulatory status,
please ensure this is done in all future calls. 0 / 2 ICOBS 4.1.2 (2)
Did the sales agent offer the customer details of how to verify the firm's
regulatory status? No
The sales agent failed to offer the customer details on how to verify their
regulatory status, please ensure this is done in all future calls. 0 / 2 ICOBS 4.1.2 (2)
If they requested these details, was the customer correctly informed of how
to verify the regulatory status of the firm? No
The sales agent failed to give the customer all of the correct information on
how to verify the firm's regulatory status. Please make sure the customer is
correctly informed in all future calls. 0 / 2 ICOBS 4.1.2 (2)
Scope of Service Additional Notes
Did the sales agent make the customer aware that they are able to provide
advice and recommend products based on the customer's needs? No
The sales agent failed to tell the customer that they would be receiving
advice and recommendations. 0 / 3 ICOBS 4.1.6
Were the sales agent's recommendations suitable for the customer's
demands and needs? No
The sales agent's recommendations did not suit the customer's demands and
needs; it is imperative that only suitable products are recommended to the
customer. 0 / 3 16.26% ICOBS 5.3.1
Marks
ITC Compliance Network Member Policies & Procedures Manual v0.9
96
Features, Benefits and Exclusions Additional Notes
Did the sales agent provide the customer with an adequate amount of
features and benefits? No
The sales agent failed to provide the customer with a sufficient amount of
features and benefits, please make sure this is not done in future calls. 0 / 3 16.26% ICOBS 6.1.5
Was the customer provided with an adequate amount of exclusions? No
The customer was not provided with an adequate amount of exclusions,
please make sure this is not done in future calls. 0 / 3 16.26% ICOBS 6.1.5
Was the customer told that the maximum total claim limit would be the
amount the customer paid for their vehicle and that a £1,000 cover limit
applies to each individual claim? No
The customer was not informed of the total and individual cover limits;
please make sure these are mentioned in future calls. 0 / 3 16.26% ICOBS 6.1.5
Price Disclosure and Other Charges Additional Notes
Did the sales agent provide the customer with details of any other charges that
may be payable other than premium monies, or the lack thereof? No
The sales agent failed to mention any additional charges that may be
payable or the lack thereof, please ensure this is done in all future calls. 0 / 2 ICOBS 3 Annex 3 (3)
If the policy was bought by a consumer in connection with other goods or
services did the firm disclose the premium separately from any other prices? No
Please ensure that the price of insurance is provided seperately to other
goods for all future sales 0 / 3 ICOBS 6.1.13
When the customer was presented with the price of the insurance were they
informed that IPT was included? No
The sales agent failed to tell the customer that the price was inclusive of IPT,
please ensure this is done in all future calls. 0 / 3 ICOBS 3 Annex 3 (3)
Was the customer offered both the monthly and annual payment options? No
The sales agent failed to offer the customer the monthly and annual payment
options, please make sure these are both offered in future calls. 0 / 3 TCF Outcome 2
Eligibility Questions Additional Notes
Were the following questions asked:
Is the vehicle to be used within the restrictions placed on it by the policies
available (e.g. no racing, rallying, commercial uses, etc)? No
The sales agent either failed to ask this question correctly or did not obtain
an adequate response from the customer; please ensure these questions are
asked and answered adequately in all future calls. 0 / 3 16.26% ICOBS 5.1.4 (4)
Is the vehicle eligible for cover (make, age, mileage, etc)? No
The sales agent either failed to ask this question correctly or did not obtain
an adequate response from the customer; please ensure these questions are
asked and answered adequately in all future calls. 0 / 3 16.26% ICOBS 5.1.4 (4)
Is the customer likely to keep the vehicle long enough to benefit from any
policies sold? No
The sales agent either failed to ask this question correctly or did not obtain
an adequate response from the customer; please ensure these questions are
asked and answered adequately in all future calls. 0 / 3 16.26% ICOBS 5.1.4 (4)
Does the customer satisfy policy residency requirements (e.g. resident of the
UK, Channel Island, Isle of Man or EU if applicable)? No
The sales agent either failed to ask this question correctly or did not obtain
an adequate response from the customer; please ensure these questions are
asked and answered adequately in all future calls. 0 / 3 16.26% ICOBS 5.1.4 (4)
Does the customer hold any insurance policy, which may already provide
suitable cover? (If yes please note below e.g. rescue recovery, which may be
covered within a warranty policy, replacement new vehicle which may be
covered in year one/two of a comprehensive motor insurance policy). No
The sales agent either failed to ask this question correctly or did not obtain
an adequate response from the customer; please ensure these questions are
asked and answered adequately in all future calls. 0 / 3 16.26% ICOBS 5.1.4 (4)
ITC Compliance Network Member Policies & Procedures Manual v0.9
97
If your vehicle were to develop a mechanical defect would you prefer a third
party to pay for the repair, including parts and labour? (Subject to a
maximum specified claim limit, terms and conditions) No
The sales agent either failed to ask this question correctly or did not obtain
an adequate response from the customer; please ensure these questions are
asked and answered adequately in all future calls. 0 / 3 16.26% ICOBS 5.1.4 (4)
Based on the answers they provided throughout the call was the customer
eligible for the policy they purchased? No
The customer was not eligible for the policy they purchased; it is imperative
that in future calls the sales agent ensures the customer is only offered
products of which they are eligible to claim on. 0 / 3 26.26% ICOBS 5.1.1 (1)
Pre-Contract Information Additional Notes
Did the sales agent read one of the following (based on the payment option
selected):
Premium Credit
You will receive in the post two sets of documents; one will be from us, which
will be your policy documents, the other will be confirmation of your direct
debit arrangement with a company called Premium Credit. Premium credit
will provide you with two copies of the agreement, in which they will ask you
to sign one and return it to them.
We do recommend that you do this but if you do not sign and return it to
them, the policy and direct debit will still be in place. Once you have
received your policy documents, you have 14 days in which to cancel the
policy unless you make a claim, however if you do cancel the policy after 14
days it will leave an outstanding balance that will need to be settled. The
payments will show on your statement as payment to World of Warranty Ltd. No
The sales agent failed to read these declarations to the customer; please
make sure they are read in all future calls. 0 / 3 16.26% ICOBS 6.2.5
Credit Card/Debit Card
You will receive your policy documents in the post in the next 3-5 Working
days. Once you have received your policy documents, you have 14 days in
which to cancel the policy unless you make a claim. We will also send you a
copy of our FCA Initial Disclosure Document together with a copy of the
questions we have gone through today. It is very important that when you
receive this documentation that you check it to ensure that you are eligible
for any policy you decide to purchase and that you are happy with the levels
of cover. You will receive your documents in the post in the next 3 to 5
working days. No
The sales agent failed to read this declaration to the customer; please make
sure it is read in all future calls. 0 / 3 16.26% ICOBS 6.2.5
Consent Additional Notes
Did the customer give their explicit consent for the policy to be set up? No
The sales agent failed to gain the customer's explicit consent to set up the
policy, this is extremely important and must be done in all future calls. 0 / 3 26.26% ICOBS 3.1.10
0 / 70 Total
.Results Failure Rules Results
Questions Answered 26 Number of ICOBS Failures 24
Positive Answers 0 Number of TCF Failures 2
Negative Answers 26 Number of PI Failures 0
Percentage Achieved 0% Number of Non-regulated Failures 0
Additional Penalty:
The Call Monitoring Check-Sheet will also include remedial actions that ITC Compliance require you to undertake. These will be noted
within the document, underneath the check list. The remedial actions will depend on the specific areas failed within the call.
ITC Compliance Network Member Policies & Procedures Manual v0.9
98
Appendix 6: Potential Conflict of Interest Form
This document is available on the ITC Compliance Website, within the Documents Section
Date Conflict of Interest
Discovered
Identified by
Details of the Conflict
Action required (ITC
Compliance use)
Logged on Conflicts of
Interest register by;
Date
ITC Compliance Network Member Policies & Procedures Manual v0.9
99
Appendix 7: Conflict of Interest Self Assessment
Form
This document is available on the ITC Compliance Website, within the Documents Section
How to use this Conflict of Interest Self Assessment Form:
You should review the form and read each issue and if any of the issues are identified as
occurring within your firm, you should put a tick in the tick box. The form will then help identify
potential conflicts of interest affecting your firm and state the procedures you must adopt to
help manage and mitigate the conflict.
Issue Potential conflict
of Interest
Tick
Box
Typical procedures to manage the
potential conflict
Preferential
commission
rates from a
particular
insurer
Are sales staff
placing business
with that insurer
without considering
the needs of the
customer?
Commission across the panel arranged
so that no one insurer has appreciably
different commission deals for the
same product.
Disclosure document includes the basis
and criteria for selecting insurers for
particular products and for effective
monitoring of placements.
Profit share
arrangements
with a
particular
insurer
Are sales staff
placing business
with that insurer
without considering
the needs of the
customer?
Profit share arrangements not
disclosed to sales staff.
Disclosure document includes the basis
and criteria for selecting insurers for
particular products and for effective
monitoring of placements.
Volume
overrides
arrangements
with a
particular
insurer
Are sales staff
placing business
with that insurer
without considering
the needs of the
customer?
No direction/instructions from senior
management where to place business,
if this is likely to result in customer
detriment.
Volume override arrangements not
disclosed to sales staff.
Disclosure document includes the basis
and criteria for selecting insurers for
particular products and for effective
monitoring of placements.
ITC Compliance Network Member Policies & Procedures Manual v0.9
100
Sales staff
remuneration
based on sales
targets
Are incentive
payments or
competitions made
to sales staff to
complete insurance
sales without
considering the
needs of the
customer?
Robust management controls in place
to ensure that customers have been
treated fairly including;
rewards that take into account quality
as well as quantity such as the
incidence of upheld complaints,
adherence to procedures and findings
from internal monitoring.
Appraisal and development
arrangements including TCF and
quality considerations.
Delegated
claims
handling
Are you acting for
the insurer when
the customer
reasonably believes
that you are acting
for them?
Disclosure documents include details.
Claims handling procedures to include
“Treating Customers Fairly” principles.
Hospitality
and Gifts
(Inducements)
Have significant
hospitality and gifts
influenced the fair
treatment of
customers?
Policy and procedures for the
registration and approval of hospitality
and gifts.
Relationships
or financial
interests with
insurers or
other third
parties with
whom we deal
Has business been
placed with a
particular insurer or
have other
contracts entered
into without
consideration of the
customer’s best
interest?
A register maintained of all such
arrangements.
Disclosure document includes the basis
and criteria for selecting insurers for
particular products.
Conflicts
between
customers
when acting
for both
Are you acting for
competing
customers,
affecting your
ability to treat both
fairly?
Disclose conflict and obtain agreement
to proceed for both parties.
Set up Chinese Walls – segregation of
duties information barriers so that
each customer is treated fairly and as
if the other was not present.
Staff members
or member of
their
immediate
family has an
interest in an
outside entity
Is the interest
substantial enough
for it to be
perceived to affect
their judgement
with respect to
transactions
between the
Network
Member/ITC and
that entity i.e. a
material interest
exists?
Staff members with a material interest
in any service provider, insurer or
product provider must declare this
interest to HR.
If the AR Network member cannot
manage a conflict adequately, it will
disclose this to the client, before
undertaking any business for that
client.
Undertaking a
tender
exercise to
select supplier
or product
Has the supplier or
product provider
been appointed
without considering
the impact on
Before undertaking any tender
exercise the proposed tender process
needs to be signed off by a Project
Sponsor/appropriate Senior
Management in advance of issuing to
ITC Compliance Network Member Policies & Procedures Manual v0.9
101
provider customers? the invited tender participants.
Proposals/recommendations resulting
from any tender process are signed off
in advance of any final ratification and
communication to tender participants.
Close personal
relationships
Will the relationship
potentially result in
some form of
influence, either
positive or
negative, on
another employee
or business
process?
Staff members should disclose any
personal relationships that may result
in any form of influence on another
staff member.
Line management to ensure that roles,
responsibilities and team structures
are reviewed to minimise or avoid any
potential conflicts arising from staff
relationships.
ITC Compliance Network Member Policies & Procedures Manual v0.9
102
Appendix 8: Gifts & Hospitality Approval Form
This document is available on the ITC Compliance Website, within the Documents Section
Gifts & Hospitality Approval Form
Gift/Hospitality
Description:
Received by
Name & Dept:
Given by
Name &
Company:
Reason for
Gift/Hospitality: Date:
Value - please
provide
breakdown and
any supporting
evidence e.g.
website link
Name Date Signed
Name &
Signature of
applicant:
Approval
Name & Position Date Signed
I confirm I am
satisfied that
this meets the
Gifts &
Hospitality
Policy and
there are no
identified
Conflicts of
Interest
103
Appendix 9: Example Gifts and Hospitality Register
This register is available to download from the ITC Compliance Website, within the Documents section.
104
Appendix 10: Impact Score Scale
All of the columns will be considered when making a judgement. Where different columns give different ratings for the same risk, a
balanced judgement will be made of the overall impact. The impact will be considered without taking into account any controls or
mitigation set up. It will also be noted that the impact score is different to the impact score used in the Risk Appetite.
Factors influencing Impact Score
Rating Customer
Service (TCF
Risk)
Reputational
Risk
Regulatory
Risk
Legal Risk People Risk Criminal Risk Approx. Direct
Loss (e.g. ex
gratia, fine,
compensation)
Based on
percentage of
income
1 Insignificant Customers not
impacted or
aware of the
problem
Very high
reputation
Regulator
recognises
high
compliance
standards
No threat of
legal action
No effect High standard
publically
recognised
Under 1% of
income
2 Minor Some customers
aware but the
impact is
negligible.
or
affects less than
25 customers
Routine
sniping in the
media.
Routine
criticism from
trade bodies,
e.g. SAIF
Adverse
verbal and
written
comments
from the
regulator but
no regulatory
fine
Threat of
legal action
but unlikely
to succeed
Potential for
minor injury
or key man
or team to
leave.
Unsuccessful
fraud.
System breach
unsuccessful
1% of income
3 Moderate Customers
aware and
results in
temporary loss
of service
or
affects more
than 25 but less
than 50
customers
Critical article
in media
Regulatory
action with
the potential
of a small fine
Threat of
legal action
with probable
settlement
out of court
Injury
requiring
hospital
treatment for
more than
one member
of staff or
minor scale
down sizing
Physical or
System
penetration
attained but
not successful
10% of income
4 Major Significant A negative Regulatory Legal action Significant Police 25% of income
105
number of
customers
aware of the
problems and
encounter some
inconvenience
or
affects more
than 50 but less
than 100
customers
story in
industry
action with a
potential fine
between
£1,000 and
£50,000 or
enforcement
investigation
brought
against the
Network
Member with
limited
opportunity
for
settlement
injuries or
significant
downsizing or
key man or
key team
have left
investigation
launched.
Systems may
be
compromised
5 Catastrophic Most customers
suffer a major
inconvenience
or
affects more
than 100
customers
or
loss of cover
where the
Network
Member are
liable
Negative
story in media
/ regulatory
website
resulting in
loss of public
confidence
Regulatory
action with a
significant
threat of a
fine of more
than £50,000
or
enforcement
action.
Legal action
brought
against the
Network
Member for
significant
violation and
likely to
succeed
Major effect
on staff lives
or wide scale
downsizing or
key man or
key team
have left
taking
significant
business with
them
Major
successful
fraud against
the Network
Member.
Systems
totally
compromised
more than
25% of income
106
Appendix 11: Likelihood Score Scale
This is the likelihood of the identified risk taking place.
Factors influencing Likelihood Score
Rating Likelihood of occurrence
Example of percentage Example of frequency
1 Rare Not expected to occur for years Less than 1% chance of
occurring
Negligible, may occur only in
exceptional circumstances
2 Unlikely Once every 2 years 1% to 10% chance of occurring Unlikely to occur at some time
3 Often Once every annually 11% to 51% chance of occurring Should occur at some time
4 Likely Likely to occur monthly 51 to 80% chance of occurring Probably occur at some time
5 Expected Expected to occur weekly More than 80% chance of
occurring
Will occur
107
Appendix 12: Exposure / Control Score Scale
Factors influencing exposure / control score
Rating Control
Definition
Procedures /
Tests
Control
Effectiveness
Business
Change
Control Design Contingency External
Mitigation
1 Minor Well designed
and
documented
controls that
have been
thoroughly
tested
Procedures
have been
reviewed and
tested in the
last 12
months
Testing
thoroughly for
all problems
Limited change
to update
existing
processes
Detailed roles
and
responsibilities.
Automated
controls
Plans mean
that work can
continue with
no interruption
Risk fully
transferred to
third party
with no
residual
exposure
2 Limited Controls are
well designed,
but a few
limited
exceptions are
evident
Procedures
covering all
areas and
some parts of
the
procedures
were reviewed
in the last 12
months
Management
support but
use by staff
varies
Some changes
to the business
due in the next
6 months
Clear roles and
responsibilities
for most
functions
Mostly
automated
controls
Full recovery
within 24
hours
Risk largely
transferred to
third party
3 Medium Number of
exceptions
have occurred
indicating
limited design
or insufficient
management
supervision
Procedures
covering most
key areas
Some testing
No adherence New project
about to be
implemented
Most jobs
defined
Automated and
manual controls
Full recovery
within 5 days
Risk partly
transferred to
third party
4 Significant Primary control
failures are
occurring and
secondary
controls are
not detecting
failures
Little testing
Some key
areas not
covered in
procedures
No
Management
or staff
Support
Fundamental
business
change which
will lead to
significant
changes to
working
Most controls
are manual and
detective not
preventive
Plan not
tested or little
detail
Minimal risk
transfer
108
practices
5 Major Controls are
very weak or
no controls
Few or no
procedures
Staff not
aware of
control and no
support
Rapid change
and
uncertainty
No control
levels
No plan in
place
No risk
transfer
109
The risk is calculated by the following calculation:
1. Scoring risks for potential impact and likelihood, to derive the inherent level of risk (impact score x likelihood score =
inherent score). The inherent score excludes any mitigation or internal controls i.e. gross risk
2. Scoring risks for the exposure / control (identifying and assessing the level of mitigation controls currently in place)
3. Producing an overall risk assessment of either an A, B, C or D risk using the table below.
The example register on the following page gives a clearer example of how the scoring is derived.
EXPOSURE / CONTROL SCORE
Absolu
te
Ris
k
Score
Im
pact
X
Lik
elihood
1 2 3 4 5
>10 C B B A A
8 - 10 C C B B A
5 - 7 C C C B B
3 - 4 D C C C B
0 - 2 D D C C C
110
Date of last review by Risk
Register Owner: xx June 20xx
Risk Register Owner:
Risk Appetite:e.g.
Balanced
Risk Description Impact Comments Likelihood
Comments
Control Comments
Im
pact
Lik
elih
oo
d
Exp
osu
re
Ab
so
lute
Sco
re
Overa
ll
Prim
ary
Ris
k T
yp
eAction / Current Status / KRIs
1 1
Commercial Objectives
Not hitting targets
Not meeting budget
Loss of key/platinum accounts
Cash flow, redundancy Is happening
currently
Close monitoring of targets
and budget
Management meets monthly
to update progress, with
compliance attendance.
Monthly business review .
5 5 4 25 A
Stra
tegic
KRI Measures:
Staff Reduction
Costs reduction
Training emphasis
Insurance manager input
New product reviews
3 2
Achieving regulatory obligations Client contact
Loss of Reputation
Regulatory visit
expected August
xxxx
Extra resource allocated in
preparation
4 3 1 12 C
Regula
tory
Plan in place for with Directors oversight
Pre
vio
us R
an
kin
g
Cu
rren
t Ran
kin
g
Appendix 13: Example Risk Register
This register is available to download from the ITC Compliance Website, within the Documents section.
111
Appendix 14: Example Business Continuity Plan
An editable version of this document will be available to download from the ITC Compliance
Website, within the documents section.
Business Continuity Plan
A major risk to Firm A is business continuity or disaster recovery. A Business Continuity
(Recovery) Plan has been created as detailed below in order to manage the associated risks.
Introduction Business Continuity Overview
It is Firm A’s policy that the Company’s Business Continuity Plan is complete, effective and up-
to-date. This plan will provide valuable information in the event of a disaster/incident and will
provide the basis for ensuring that any recovery operation can be achieved as smoothly and as
efficiently as possible.
Senior Members of Firm A staff will form an Emergency Management Team (EMT), which will
provide management level support to facilitate a speedy and effective disaster recovery.
The Emergency Management Team will initiate contact with all staff by way of the call cascade
list. The EMT members are responsible for ensuring they have access to the list outside of the
normal working environment. The Finance Dept, as part of the HR function, are responsible for
maintaining the accuracy of the list and providing copies to the EMT members.
The CEO and/or a Director will decide whether to activate the Company’s plan based on
information received from the Emergency Management Team.
The Emergency Management Team are defined within the companies Organisation Chart. Policy
There are three main areas of business recovery that need to be considered for the Company.
These include:-
access to building denied
loss of network server
telephone systems unavailable
This plan is to be used by the Company in the event of a disaster rendering building, telephone
or computing facilities unusable for a significant period of time.
Overall Business Impact:
Some disruptions would be inevitable but the amount depends on the nature and extent of the
disaster.
Depending on the nature of the disaster, staff may be required to perform duties relating to
other business functions. This is permitted under their contracts of employment.
112
Precautionary Measures Storage of Critical Information
Paper-Based
A copy of this plan and Firm A’s policies will be retained at our secondary location.
Workgroup Server Based
All business critical data is currently backed up.
Off site servers are backed up fortnightly. These store Firm A’s main critical functions of
website and admin system.
Data on laptops and mobile phones
Data stored on mobile equipment will be adequately and securely protected through passwords
or other security methods.
Requirements For Firm A Requirements
In the event of a major disaster rendering the host building unusable for an extended period of
time, Firm A requires access to a temporary work area and would require the resources
detailed below.
Staff
The Emergency Management Team will decide on the number of staff required in relation to:
the disaster faced
the anticipated timescale to return to full functionality at the appropriate premises Facilities
Based on the above, consideration will need to be given to:
desks
chairs
computers (including printers and peripherals)
telephones
stationary
email and broadband access
photocopier
postal facilities
fax machine
113
Telephones can only be diverted to one specific phone number
Team Structure
The structure of the Emergency Management Team is contained within the Organisation
Structure Chart.
Nominee replacements for EMT members are detailed below:
Name Replacement
Mr X Mr B
Ms Y Ms C
Mr Z Mr D
Ms A Mr E
Responsibilities Emergency Management Team:
to decide to invoke the recovery procedures and to what extent they are to be
followed.
to act as single point of contact for staff during the recovery effort.
to liaise with any external stakeholders, including emergency services, with
regards to recovery requirements and recovery updates.
maintain overall management of the recovery teams and the recovery effort.
to ensure that all their teams' functions have been accounted for and either
recovered or suspended.
to co-ordinate the efforts of their team members and to keep them informed of
progress.
to ensure that contact is made with all team members working off site, on holiday
or absent through sickness.
Response - During Normal Working Hours Initiate Evacuation Procedures If Appropriate
evacuate all personnel in an orderly manner and assemble outside, including
clients attending meetings.
fire marshals to ensure that all departmental staff are out of the building.
if possible, request staff to remove important documentation from their work area.
Notify Staff Members
Each Emergency Team Member will notify all team members of the situation and issue a
contact number for them. A complete copy of all the team members' home phone numbers or
mobile numbers will be retained by each EMT member. This is the call cascade list.
114
Situation Assessment
It may be some time before the full extent of the disaster is known. During this time the
Emergency Management Team will assemble to initially appraise the situation and begin to
consider whether to invoke the recovery procedures.
Out of Normal Working Hours Initial Contact
The initial contact out of normal working hours will be the Emergency Management Team who
will be apprised of the situation.
Form Emergency Team
The Emergency Management Team member contacted, depending upon the information
received, will decide whether to gather the Emergency Management Team. It will be discussed
with at least one other Emergency Management Team member, before a decision is made.
If access to the normal place of work is impractical, the Emergency Management Team will
convene at the secondary location, to use as an Emergency Command Centre:
Emergency Process
As each emergency scenario can be different, the below is intended as a guide to EMT to
ensure all relevant points are considered.
This section details the actions that may be required following invocation of this BCP. Actions Required on Day One of the Recovery
1) Compile a list of any missing persons and known casualties. Ensure that the list
includes both members of staff and visitors.
2) Contact the Emergency Services to pass on any list of missing persons and receive
information on casualties.
3) Contact the IT representative on the EMT to advise them of the situation and to
request assistance for IT and other infrastructure issues, and to invoke recovery
space at the secondary location and home working.
4) Contact the families and next-of-kin of affected staff.
5) Verify:
a) Emergency security at the Primary Location if the site has sustained structural
damage. If necessary, work with the landlord to ensure that the site is made safe
and secure. Consider additional security personnel if required.
b) When entry to the site will be allowed, if access has been denied.
6) Confirm that access to recovery space at the secondary location is available and
that those allocated as home workers are notified.
7) Assemble the EMT at the Emergency Command Centre (ECC), the secondary
location.
115
8) Establish and staff a Co-ordination Point near to the Primary Location site. Notify
the Emergency Services of the Co-ordination Point location.
9) Direct business visitors to the Co-ordination Point, if appropriate.
10) Complete an interim business impact assessment.
11) Consider:
a) Impact on the ability to provide services normally undertaken at these offices.
b) Impact on the ability to undertake other activities such as IT development etc.
c) Loss of assets.
d) Direct costs.
12) Which losses will be sustained if the BCP is not invoked?
13) Decide whether to continue BCP invocation. If the BCP is not to be invoked then
resolve any problems and implement stand-down procedure. Otherwise, continue
with the planned response.
14) Contact all members of staff and provide immediate instructions. Consider the
following:
a) Provide the minimum information to initiate the response and explain the current
situation.
b) Verify specific Emergency Response tasks.
c) Identify any business-critical activities that should receive priority.
d) Confirm staff members’ immediate contact details.
e) Give notice of the staff briefing time and place.
15) Instruct those staff that are immediately required to work from home
16) Provide emergency cash to staff involved in the recovery.
17) Instruct staff that are not required to remain at home and in contact.
18) Clearly state the need for secrecy pending a formal press release.
19) Inform third party contacts of the disruption affecting Firm A’s operations and the
recovery action being taken. Consider the following points:
a) Wherever possible, send standard broadcast fax; otherwise, explain circumstances
verbally using the latest approved statement.
b) Ask contacts not to call back and explain that they will be notified of events that
affect them.
20) Contact relevant banks if electronic payments are pending, informing them of the
disruption affecting Firm A and the recovery action being taken. Discuss any
appropriate actions and advise of interim working arrangements.
21) Verify with IT, voice line redirection, message content and call routing / handling
to EMT mobiles
22) Redirect postal mail
116
23) Record details of damage to the building using a still or video camera. These
pictures will be required for insurance purposes and damage must be recorded
before the salvage and clean-up operations begin.
24) Verify that the landlord has been advised
25) Compile list and obtain readily available consumables (retaining receipts) that may
be required including:
a) Stationary
b) Desks
c) Chairs
d) Computers (including printers and peripherals)
e) Telephones
f) Email and broadband access
g) Photocopier
h) Postal facilities
i) Fax machine
26) Consider ability to notify Third Parties via website or other media if remotely
accessible
27) Consider notifying relevant suppliers detailed in supplier contact list for both the
Primary Location and the secondary location.
Actions Required by Day Two of the Recovery
1) Review key priorities in current recovery site workload.
2) Arrange trauma counselling for affected staff if this is felt to be appropriate.
3) Conduct a briefing for all members of staff, both at the recovery site and
elsewhere, covering the following:
a) Internal press release, résumé of events and status.
b) PR issues.
c) Damage and impact assessment.
d) Salvage status.
e) Recovery strategy.
f) Operating recovery targets.
g) Roles and responsibilities.
h) Department reporting and problem escalation guidelines.
i) Voice, internet and fax communications availability and usage.
j) Progress reporting.
4) Assess the need for extra staff or shift work to address any backlogs and any
urgent tasks at the recovery site
5) Resume accounts ledger activities at the recovery site
6) Help-desk activities should resume
7) Staff should begin to re-create lost or corrupted system data and paper-based
work-in-progress.
117
8) Establish when access to the Primary Location will be allowed. If so, try to
determine:
a) What can be salvaged and its condition.
b) What has been irretrievably lost or destroyed.
c) What is intact, but inaccessible?
d) Infrastructure damage and access availability.
e) Expected rebuild time frames.
f) Location for reconstruction activities.
9) Liaise with key Network Members to ensure that they are kept aware of the
incident.
10) Arrange a meeting to establish insurance and reconstruction responsibilities
Actions Required by Day Five of the Recovery
1) Monitor staff morale and confidence in employment continuity
2) Staff at the recovery site should continue re-creation of lost or corrupted system
data and paper-based work-in-progress
3) Compile and submit insurance claims. Co-ordinate activities of loss adjusters /
assessors.
4) If necessary, begin reconstruction of damaged or destroyed documents.
Longer-Term Actions
1) In conjunction with staff, begin to develop a long-term business recovery plan.
2) Decide if a refit of the site is viable. If the damaged site will not become habitable
within one month, meet with property agents to identify a suitable alternative site.
Otherwise, authorise reconstruction and refit of the site in conjunction with
landlord/insurers.
3) If necessary, search for local office space for short-term rental.
4) Review progress on the long-term site in conjunction with infrastructure staff, in
particular:
a) Construction and / or refurbishment.
b) Design of floor layout(s).
c) Plans for occupancy of the site.
d) Procedures for security, cleaning, post and other services.
e) Time frame for business transfer to the site.
f) Emergency procedures.
g) Procurement, installation, commissioning and testing of replacement computer
systems.
5) Prepare a staff briefing note on the new site. Include:
a) The level of equipment and facilities available.
b) Site layout plans.
118
c) Directions to the site.
d) The date of transfer of operations.
e) The expected length of stay.
f) Special arrangements regarding transport of staff.
g) Altered working arrangements for staff.
h) Recompense for disruption of work patterns.
i) Liaise with IT over systems as well as voice and data transfer to the new site.
6) Review timescales for occupation of the new site.
7) Resume normal operations from the new site.
Final Actions
1) Retrieve and review copies of Incident Logs and meeting notes. Identify:
a) Exceptional performance.
b) Sources of delay or inefficiency.
c) Errors or inappropriate responses.
d) Actual timescales for activity completion.
2) Hold a post-incident review meeting and quantify the cost of the incident in terms
of:
a) Lost information.
b) Additional resource requirements.
c) Missed opportunity.
d) Inability to provide services and products internally and to customers.
e) Fines, charges, compensation and penalties.
f) Loss of staff and assets.
g) Additional cost of working.
3) Update the BCP, if necessary
4) Update internal operating and emergency procedures
Throughout the Recovery
1) Maintain the Incident Log
2) Maintain notes of meeting decisions
3) Maintain contact with all members of staff
4) Respond to requests for information
5) Inform them of changes in strategy
6) Inform them of notable occurrences that may affect priorities.
7) At regular intervals:
a) Review recovery progress against target timescales.
b) Assess recovery progress section
8) Prepare updates for all members of staff. Include the following:
119
a) Incident status and recovery progress.
b) Objectives and deadlines.
c) Individual objectives, roles and responsibilities.
d) Specific instructions.
e) Handling personal problems caused by, or contributed to by the incident.
f) Security issues.
g) Current statements for handling incoming calls.
9) Liaise with senior management regarding all expenditure decisions.
10) Maintain regular contact with the Primary Location and with key third parties.
11) Ensure the prompt submission of any insurance claims.
12) Check salvage status - availability of paper-based records and extent of
information lost.
13) Assess the well-being of staff and identify need for professional support.
14) Consider either buying a shredder or calling on a shredding company to dispose of
confidential waste.
Contact Directory
Emergency Services Contact List
Service Contact
Police 999
Local Contact 101
Fire 999
Ambulance 999
Hospitals
1 Hospital Road, AB1 2CD
0123 456 7890
1 Hospital Close, CD1 3EF
0987 654 3210
120
Appendix 15: Example Telephone Cascade List
An editable version of this document can be downloaded from the ITC Compliance Website,
within the documents section.
This should be completed to ensure that all staff receive notification in the event of the
Business Continuity Plan is invoked.
121
Appendix 16: Business Continuity Plan Test
Scenarios Scenario 1 – Pandemic Flu A flu pandemic has hit the UK and is being reported on national and local news, with high
levels of sickness in large cities.
Week 1 – Staff absence is higher than usual and many staff members are complaining of
feeling unwell throughout the work day.
Week 2 – Staff absence has now moved to around 20% and 2 large firms have advised that
they have stopped operating for the foreseeable future due to the pandemic.
Week 3 – The local council has closed all schools in the area due to staff shortages and to stop
the spread of the illness.
50% of staff members with children have advised they will be staying at home to care for
either sick children or due to the school closure as they have no other child care options.
Week 4 – Staff absence is now approaching 40% due to the pandemic. 2 absent staff
members are seriously ill and in hospital. Local news outlets have caught wind of this and have
asked for comment on the situation.
Week 6 – The pandemic has started to ease and staff absence has now reduced to 10%.
However key members of staff still remain off work due to illness.
Week 8 – The pandemic is now close to being over and staff absence levels have returned to
normal for the time of year.
Scenario 2 – Office Fire A disgruntled ex-employee has thrown a brick through the staff room window and has started
a fire in the early hours of the morning. The fire spreads to the IT department and continues to
damage the ground floor of the office until the fire brigade arrives just before 7am.
Day 1 7am – The fire brigade has stopped the fire spreading any further and is close to
putting the fire out. Employees start arriving to work by this time.
Day 1 9am – The fire brigade has extinguished the fire and declared the office unsafe for at
least the next 72 hours while they investigate the arson and inspect the safety of the building.
The car park is now full of employees, employees from nearby offices have also come over to
see what is happening and local news has just arrived and is looking for comment on the
situation.
Day 2 – The fire brigade has completed their investigation and inspection of the office. The
good news is the perpetrator has been apprehended by local police. The bad news is they have
advised that the building cannot be used until the staff and IT room have been repaired which
could take up to 7 working days. It is unclear the extent of the damage to the IT room and
ecommerce hardware.
Day 7 – The office has been repaired and the fire brigade has declared it safe. Some
employees are cautious about returning to the office due to the events.
122
Appendix 17: Form D
Application number (for FCA/PRA use only)
The FCA and PRA have produced notes which will assist both the applicant and the approved person in answering the questions in this form. Please read these notes, which are available on the FCA and PRA’s website at: http://media.fshandbook.info/Forms/notes/imap_formd_notes.doc www.bankofengland.co.uk/PRA Both the applicant and the approved person will be treated by the FCA and PRA as having taken these notes into consideration when completing their answers to the questions in this form.
Form D Notification of changes in personal information or application details FCA Handbook Reference: SUP 10A Annex 7R
PRA Handbook Reference: SUP 10B Annex 7R
1 April 2013
Name of individual (to be completed by applicant)
Name of firm (as entered in 2.01)
Financial Conduct Authority Prudential Regulation Authority
123
25 The North Colonnade Canary Wharf
London E14 5HS United Kingdom Telephone +44 (0) 845 606 9966 Facsimile +44 (0) 207 066 0017 E-mail [email protected] Website http://www.fca.org.uk
Contact Details
Contact for this notification
Title
First Name
Surname
Job Title
Business address
Post code
Phone number (including STD code)
Email address
Mobile No
Fax No.
20 Moorgate London
EC2R 6DA United Kingdom Telephone +44 (0) 203 461 7000 Email [email protected]
124
Details to be changed Section 1
1.01
Approved person Individual Reference Number (IRN)
DETAILS TO BE CHANGED
1.02 Title (e.g. Mr, Mrs, Ms, etc)
1.03 Surname
1.04 ALL forenames
1.05 Date of birth / /
1.06
1.07
1.08
National Insurance number
Nationality
Passport number
1.09 Other changes in application details and matters relating to fitness and propriety
1.10 Effective date of change / /
1.11 Reason for change
I have supplied further information
related to this page in Section 3 YES NO
125
Arrangements and Controlled Functions Section 1
Do you want to notify us of a change of arrangement between the approved person and the firm?
Does the change in arrangement relate to an appointed representative?
Current appointed representative details?
AR FRN Firm Name
Do you want to add an appointed representative?
Do you want to remove an appointed representative?
As a result of this removal you will need to consider whether to submit a withdrawal of a CF and/or an Appointed Representative termination Please select the appointed representative to remove
AR FRN Firm Name Remove
Effective Date
126
Firm identification detailsn Section 2
2.01 Name of firm
2.02 Firm Reference Number (FRN)
2.03 Other firms for whom the individual performs controlled functions
FRN Name of firm Controlled function
a
b
c
d
e
I have supplied further information
related to this page in Section 3 YES NO
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
127
Fitness and Propriety
Do you want to notify us of a change to the approved person’s fitness and propriety?
1. Has the approved person ever been convicted of any offence (whether spent or not and whether or not in the United
Kingdom):, (i) involving fraud, theft, false accounting, offences against the administration of public justice (such as perjury, perverting the course of justice and intimidation of witnesses or jurors), serious tax offences and/or other dishonesty; or (ii) relating to companies, building societies, industrial and provident societies, credit unions, friendly societies, insurance, banking or other financial services, insolvency, consumer credit or consumer protection, money laundering, market manipulations and/or insider dealing?
Enter full details in this section
2. Is the approved person the subject of any current criminal proceedings?
Enter full details in this section
3. Has the approved person ever been given a caution in relation to any criminal offence?
Enter full details in this section
4. Has the approved person any convictions for any offences other than those listed above, whether or not in the
United Kingdom (excluding traffic offences unless these traffic offences resulted in a ban from driving or involved driving without insurance)?
Enter full details in this section
5. Has the approved person ever had a County Court Judgement (CCJ) or other judgement debt, whether satisfied or
not and whether discharged or not, in the United Kingdom or elsewhere?
Enter full details in this section
6. Has the approved person had more than two CCJs or judgement debts?
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
128
Enter full details in this section
7. Has the approved person had more than £1,000 in total of CCJs or judgement debts?
Enter full details in this section
8. Is the approved person aware of: a). any proceedings that have begun, or anybody’s intention to begin proceedings, against the approved person for a CCJ or other judgement debt?
Enter full details in this section
b). more than one set of proceedings, or anybody’s intention to begin more than one set of proceedings, that may lead to a CCJ or other judgement debt?
Enter full details in this section
c). anybody’s intention to claim more than £1,000 of CCJs or judgement debts in total from the approved person?
Enter full details in this section
9. Does the approved person have any current judgement debts (including CCJs) made under a court order still
outstanding, whether in full or in part?
Enter full details in this section
10. Has the approved person ever failed to satisfy any such judgement debts within one year of the order being made?
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
129
Enter full details in this section
11. Is the approved person or has the approved person ever been the subject of any bankruptcy proceedings, or
proceedings for the sequestration of the approved person’s estate?
Enter full details in this section
12. Has the approved person ever entered into, or is in the process of entering into, an agreement in favour of the
approved person's creditors, for example a deed of arrangement or an individual voluntary arrangement (or in Scotland a trust deed)?
Enter full details in this section
13. Does the approved person have any outstanding financial obligations arising from regulated activities, which the
approved person has carried out in the past, in the United Kingdom or overseas? (In the case of advisers, this will include any outstanding liabilities arising from commissions paid for the sale of packaged products that have lapsed).
Enter full details in this section
14. Has the approved person ever been found guilty of carrying on any unauthorised regulated activities or been
investigated for possible carrying on of unauthorised regulated activities?
Enter full details in this section
15. Is the approved person, or has the approved person, ever been the subject of an investigation into allegations of
misconduct or malpractice in connection with any business activity?
Enter full details in this section
16. Has the approved person ever, either in the United Kingdom or elsewhere:
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
130
a). been refused entry to, or been dismissed, suspended or asked to resign from, any profession, vocation, office or employment, or from any fiduciary office or position of trust, whether or not remunerated?
Enter full details in this section
b). been refused, restricted in or had suspended, the right to carry on any trade, business, or profession for which specific licence, authorisation, registration, membership or other permission is required?
Enter full details in this section
c). been disqualified from acting as a director of a company or from acting in a management capacity or conducting the affairs of any company, partnership or unincorporated association?
Enter full details in this section
d). been the subject of a disqualification direction under section 59 of the Financial Services Act 1986; a prohibition order under section 56 of the Financial Services and Markets Act 2000; or received a warning notice that such a direction or order be made?
Enter full details in this section
17. In relation to activities regulated by the FCA and/or PRA or any other regulatory body, has:
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
131
i. the approved person, or ii. any company, partnership or unincorporated association of which the approved person is or has been a controller, director, senior manager, partner or company secretary, during the approved person’s association with that entity and for a period of three years after the approved person ceased to be association with it, ever: a). been refused, had revoked, restricted or terminated, any licence, authorisation, registration, notification, membership, or other permission granted by any such body?
Enter full details in this section
b). been criticised, censured, disciplined, suspended, expelled, fined, or been the subject of any other disciplinary action by any such body?
Enter full details in this section
c). resigned while under investigation by, or been required to resign from any such body?
Enter full details in this section
d). decided, after making an application for any licence, authorisation, registration, notification, membership, other permission granted by any such body, not to proceed with it?
Enter full details in this section
e). been the subject of any civil action which has resulted in a finding against the approved person or it by a court?
Enter full details in this section
18. Has any company, partnership, or unincorporated association of which the approved person is or has been a
controller, director, senior manager, partner, or company secretary, in the United Kingdom or elsewhere, at any time during the approved person’s involvement or within one year of such an involvement:
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
132
a) been put into liquidation, wound up, ceased trading, had a receiver or administrator appointed or entered into any voluntary arrangement with its creditors?
Enter full details in this section
b) been adjudged by a court liable for any fraud, misfeasance, wrongful trading or other misconduct?
Enter full details in this section
c) been investigated or been involved in an investigation by an inspector appointed under companies or any other legislation, or required to produce documents to the Secretary of State, or any other authority, under any such legislation?
Enter full details in this section
d) been convicted of any criminal offence, censured, disciplined or publicly criticised by any inquiry, by the Takeover Panel or any governmental or statutory authority or any other regulatory body (other than as already indicated under 17(b) above)?
Enter full details in this section
19. Is the approved person aware of any business interests, employment obligations, or any other situations which may
conflict with the performance of the controlled functions for which approval is now sought?
Enter full details in this section
Enter Date of change:
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
133
Supplementary information Section 3
3.01
3.02
Is there any other information the approved person or the firm considers to be relevant to the application? †
Please provide full details †
Please indicate clearly which question the supplementary information relates to.
Question Information
3.03 How many additional sheets are being submitted?
I have supplied further information related to this page in Section 3
YES NO
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
134
Supporting Documents
Indicate the required supporting documents to accompany this form.
Documents Mode (by email, fax, post)
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
135
Declarations and signatures Section 4
DECLARATION OF APPROVED PERSON The firm must ask the individual to make the declaration only where the firm becomes aware of information that would reasonably be material to the assessment of the approved person's continuing fitness and propriety. Knowingly or recklessly giving the FCA and/or PRA information which is false or misleading in a material particular may be a criminal offence (section 398 of the Financial Services and Markets Act 2000). It should not be assumed that information is known to the FCA and/or PRA merely because it is in the public domain or has previously been disclosed to the FCA and/or PRA or another regulatory body. If there is any doubt about the relevance of information, it should be included. Data Protection
For the purposes of complying with the Data Protection Act, the personal information in this form will be used by the FCA and/or PRA to discharge its statutory functions under the Financial Services and Markets Act 2000 and other relevant legislation. It will not be disclosed for any other purposes without the permission of the applicant. I confirm that the information in this Form is accurate and complete to the best of my knowledge and belief and that I have read the notes to this Form.
The FCA and/or PRA may seek to verify the information given in this Form including answers pertaining to fitness and propriety. I authorise the FCA and/or PRA to make such enquiries and seek such further information as it thinks appropriate in the course of verifying the information given in this Form. I also understand that the results of these checks may be disclosed to my employer.
4.01 Full name of approved person i.e. Title, forenames, SURNAME
4.02 Signature
Date / /
DECLARATION OF FIRM Knowingly or recklessly giving the FCA and/or PRA information which is false or misleading in a material particular may be a criminal offence (sections 398 and 400 of the Financial Services and Markets Act 2000). SUP 15.6.1R and SUP 15.6.4R require an authorised person to take reasonable steps to ensure the accuracy and completeness of information given to the FCA and/or PRA and to notify the FCA and/or PRA immediately if materially inaccurate information has been provided. APER 4.4.7E provides that, where an approved person is responsible for reporting matters to the FCA and/or PRA, failure to inform the FCA and/or PRA of materially significant information of which he is aware is a breach of Statement of Principle 4. Contravention of these requirements may lead to disciplinary sanctions or other enforcement action by the FCA and/or PRA. It should not be assumed that information is known to the FCA and/or PRA merely because it is in the public domain or has previously been disclosed to the FCA and/or PRA or another regulatory body. If there is any doubt about the relevance of information, it should be included. I confirm that the information in this Form is accurate and complete to the best of my knowledge and belief and that I have read the notes to this Form.
4.03 Name of the firm
4.04 Name of person signing on behalf of the firm
4.05 Position
4.06 Signature
Date / /
These questions should only be completed if submission of this form is online. It should not be
completed if the form is being submitted in one of the other ways set out in SUP 15.7
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
136
Appendix 18: Incident Report Form
This document is available on the ITC Compliance Website, within the Documents Section
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
137
Appendix 19: Regulatory Breaches
PRIMARY SECONDARY TERTIARY BREACH OF:
PEOPLE Acting outside scope of
authority
Not acting within
delegated/binding authority
Not seeking correct sign
off/authorisation
ICOBS
ICOBS
Advice and Information
Poor communication
Incorrect information given
Advice given outside scope of
authorisation
ICOBS
ICOBS
ICOBS
Breach of Insurer
Agreement/TOBA/Client
Money
Acting outside Insurer
Agreement
No risk transfer in place
TOBA incorrect/not in place
TOBA not uploaded to the
system Breach of CASS rules
(client money)
ICOBS
CASS
ICOBS
Failure to follow Group
Procedures
CASS
Compliance Process not
followed
Complaint not dealt with within
timeframes
Financial Promotion not signed
off correctly
ITC Compliance bsite incorrect
DISP
ICOBS
ICOBS
Cover not
incepted/added/incorrect
Cover unclear
Cover/sums not actioned
New Business not incepted
Renewal not invited
ICOBS
ICOBS
ICOBS
ICOBS
Data Protection/Security
Building/doors not secured
Documents sent to incorrect
client/address
Documents lost or mislaid
DPA validation not sufficient
Data disclosed to third party
Credit card details stated on
recorded call
Cheque details held incorrectly
Lost laptop/phone
Data Security
Data Security
Data Security
Data Security
Data Security
Data Security
Data Security
Data Security
Delays Claim delays
Settlement cheque delay
Renewal sent late
ICOBS
ICOBS
ICOBS
Documentation
Incorrect/Missing/Late
Documents not attached
Additional documentation not
requested
Policy incorrect or not applied
Endorsement incorrect or not
applied
Documentation sent late
Excess incorrect or not applied
Dates incorrect
ICOBS
Failure to follow Procedures
ICOBS
ICOBS
ICOBS
ICOBS
ICOBS
Finance Failure to transfer bordereau
Finance agreement not
renewed
Failure to follow Procedures
Failure to follow
Procedures
ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9
138
Financial Crime Employee fraud
Theft of property/data
Financial Crime
Financial Crime
Internal Process not
followed
Cancellation processed
incorrectly
ICOBS
Rating/charging
incorrect
Bank details incorrect
Policy rated on incorrect basis
Debit raised incorrectly
Cover not charged for
Failure to follow Procedures
Failure to follow Procedures
Failure to follow Procedures
Failure to follow Procedures
Mis-selling Policy mis-sold ICOBS
Surveys Not requested
Not carried out
Not added to file
Failure to follow Procedures
Failure to follow Procedures
Failure to follow Procedures
PROCESS Internal Process or
Procedure
Process or procedure
incorrect/unclear
SYSC
Compliance Process or
Procedure
Process or procedure
incorrect/unclear
SYSC
SYSTEMS PCI DSS Failure to pause and resume Data Security
Systems error/failure Computer systems
Telephony systems
Rating matrix
Reports incorrect
Commercial
Commercial
Commercial
Commercial
EXTERNAL Third party provider Update not notified Commercial
Post/Courier Loss/missing item/delay Commercial
Utilities error/failure Phone network fault
Power Failure
Gas leak
Failure of external supplier
Commercial
Commercial
Commercial
Commercial
Weather – Act of God Preventing the business from
serving clients
Commercial